Command Injection Vulnerability in D-Link DIR-600L Devices
CVE-2025-4349
8.7HIGH
What is CVE-2025-4349?
A command injection vulnerability in the D-Link DIR-600L device allows remote attackers to exploit the formSysCmd functionality by manipulating the host argument. This issue primarily impacts devices with firmware version 2.07B01 and earlier, which are no longer supported by D-Link. Exploitation of this vulnerability enables an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access and control of the device.
Affected Version(s)
DIR-600L 2.07B01