CVE-2025-4346

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L versions 2.07B01 and earlier

Description A critical issue has been identified, affecting the function formSetWAN Wizard534. The manipulation of the argument host leads to a buffer overflow, allowing for remote attack execution. This issue only affects products that are no longer supported by the manufacturer.

Recommendations For D-Link DIR-600L versions 2.07B01 and earlier, as a temporary workaround, consider disabling the formSetWAN Wizard534 function until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. Avoid using the host argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.