Command Injection Vulnerability in D-Link DIR-600L Devices
CVE-2025-4349

8.7HIGH

Key Information:

Vendor
D-link
Status
Dir-600l
Vendor
CVE Published:
6 May 2025

Summary

A command injection vulnerability in the D-Link DIR-600L device allows remote attackers to exploit the formSysCmd functionality by manipulating the host argument. This issue primarily impacts devices with firmware version 2.07B01 and earlier, which are no longer supported by D-Link. Exploitation of this vulnerability enables an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access and control of the device.

Affected Version(s)

DIR-600L 2.07B01

References

https://vuldb.com/?id.307467
vdb-entrytechnical-description
https://vuldb.com/?ctiid.307467
signaturepermissions-required
https://vuldb.com/?submit.558302
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

B1Nn (VulDB User)
.
CVE-2025-4349 : Command Injection Vulnerability in D-Link DIR-600L Devices | SecurityVulnerability.io