VYPR

DIR600L

by Dlink

CVEs (28)

  • CVE-2026-42375CriMay 4, 2026
    Dlink
    Dir 600l Firmware
    risk 0.64cvss 9.8epss 0.00

    D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.

  • CVE-2026-42374CriMay 4, 2026
    Dlink
    Dir 600l Firmware
    risk 0.64cvss 9.8epss 0.00

    D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control.  The device has reached End-of-Life (EOL) and will not receive patches.

  • CVE-2026-2163MedFeb 8, 2026
    Dlink
    Dir 600 Firmware
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2025-15194Dec 29, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2025-60562Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.

  • CVE-2025-60571Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.

  • CVE-2025-60565Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.

  • CVE-2025-60553Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.

  • CVE-2025-60568Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.

  • CVE-2025-60570Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.

  • CVE-2025-60569Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.

  • CVE-2025-60551Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.

  • CVE-2025-60550Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.

  • CVE-2025-60547Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.

  • CVE-2025-60561Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.

  • CVE-2025-60559Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.

  • CVE-2025-60552Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.

  • CVE-2025-60566Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.

  • CVE-2025-60549Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.

  • CVE-2025-60557Oct 24, 2025
    Dlink
    DIR600L
    risk 0.00cvss epss 0.00

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.

Page 1 of 2