Description
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-03-15
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution via stack-based buffer overflow
Action: Replace Device
AI Analysis

Impact

A stack‑based buffer overflow exists in D‑Link DIR‑619L 2.06B01 within the boa component’s formSchedule function. Manipulating the curTime argument can overwrite the stack, allowing an attacker to execute arbitrary code. The vulnerability directly leads to remote code execution and is classified under CWE-119 and CWE-121.

Affected Systems

The flaw affects the D‑Link DIR‑619L product running firmware version 2.06B01. No other vendors or product lines are listed, and the affected model is no longer supported by the manufacturer.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. Although the EPSS score is below 1 %, the publicly available exploit and the remote nature of the attack mean that a compromised device could be leveraged by adversaries. Because the device is unsupported, no official patch exists and the vulnerability remains exploitable. The risk is elevated for any network in which the device remains accessible from the internet or an untrusted zone.

Generated by OpenCVE AI on March 21, 2026 at 14:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Remove or disconnect the D‑Link DIR‑619L from external networks
  • Block HTTP access to the /goform/formSchedule endpoint using network or device firewall rules
  • Monitor network traffic for abnormal activity targeting the device
  • Consider replacing the unsupported device with a supported, patched model

Generated by OpenCVE AI on March 21, 2026 at 14:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-619l
Vendors & Products D-link
D-link dir-619l

Sun, 15 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-619L boa formSchedule stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dir-619l
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T14:40:35.140Z

Reserved: 2026-03-14T22:27:49.637Z

Link: CVE-2026-4188

cve-icon Vulnrichment

Updated: 2026-03-16T14:36:44.851Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:20:01.717

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-4188

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:01:15Z

Weaknesses