Unrated severityNVD Advisory· Published Dec 29, 2025· Updated Dec 29, 2025

D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow

CVE-2025-15194

Description

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Dlink/DIR600Lllm-fuzzy
Range: <=2.15WWb02
D-Link/DIR-600v5
Range: 2.15WWb02

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.mdmitreexploit
vuldb.commitrethird-party-advisory
github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.mdmitrerelated
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.dlink.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000