A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.
References
Link | Resource |
---|---|
https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-formSysCmd-sysCmd/README.md | Third Party Advisory Broken Link |
https://vuldb.com/?ctiid.307467 | Permissions Required |
https://vuldb.com/?id.307467 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.558302 | Third Party Advisory VDB Entry |
https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
History
12 May 2025, 17:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-formSysCmd-sysCmd/README.md - Third Party Advisory, Broken Link | |
References | () https://vuldb.com/?ctiid.307467 - Permissions Required | |
References | () https://vuldb.com/?id.307467 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.558302 - Third Party Advisory, VDB Entry | |
References | () https://www.dlink.com/ - Product | |
CPE | cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-600l:-:*:*:*:*:*:*:* |
|
First Time |
Dlink dir-600l
Dlink dir-600l Firmware Dlink |
07 May 2025, 14:13
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 May 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-06 12:15
Updated : 2025-05-12 17:30
NVD link : CVE-2025-4349
Mitre link : CVE-2025-4349
CVE.ORG link : CVE-2025-4349
JSON object : View
Products Affected
dlink
- dir-600l_firmware
- dir-600l