PT-2025-19934 · D Link · D-Link Dir-600
B1Nn
·
Published
2025-05-06
·
Updated
2025-05-06
·
CVE-2025-4344
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-600L versions up to 2.07B01
Description
A critical issue was found in the formLogin function, where manipulation of the
host argument leads to a buffer overflow. This can be initiated remotely. The issue only affects products that are no longer supported by the maintainer.Recommendations
For D-Link DIR-600L versions up to 2.07B01, as a temporary workaround, consider disabling the formLogin function until a patch is available. Restrict access to the formLogin function to minimize the risk of exploitation. Avoid using the
host argument in the affected function until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-600