PT-2025-19934 · D Link · D-Link Dir-600

B1Nn

Publicado

2025-05-06

Atualizado

2025-05-06

CVE-2025-4344

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L versions up to 2.07B01

Description A critical issue was found in the formLogin function, where manipulation of the host argument leads to a buffer overflow. This can be initiated remotely. The issue only affects products that are no longer supported by the maintainer.

Recommendations For D-Link DIR-600L versions up to 2.07B01, as a temporary workaround, consider disabling the formLogin function until a patch is available. Restrict access to the formLogin function to minimize the risk of exploitation. Avoid using the host argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120CWE-119

Identificadores relacionados

BDU:2025-05485

CVE-2025-4344

Produtos afetados

D-Link Dir-600

PT-2025-19934 · D Link · D-Link Dir-600

CVE-2025-4344

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16