DIR600L
by Dlink
CVEs (38)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42375 | Cri | 0.64 | 9.8 | 0.00 | May 4, 2026 | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The… | ||
| CVE-2026-42374 | Cri | 0.64 | 9.8 | 0.00 | May 4, 2026 | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The… | ||
| CVE-2016-10405 | Cri | 0.64 | 9.8 | 0.02 | Sep 7, 2017 | Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | ||
| CVE-2026-2163 | Med | 0.31 | 4.7 | 0.05 | Feb 8, 2026 | A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The… | ||
| CVE-2025-15194 | 0.00 | — | 0.01 | Dec 29, 2025 | A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to… | |||
| CVE-2025-60558 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ. | |||
| CVE-2025-60571 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS. | |||
| CVE-2025-60553 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. | |||
| CVE-2025-60551 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot. | |||
| CVE-2025-60547 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7. | |||
| CVE-2025-60562 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. | |||
| CVE-2025-60565 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. | |||
| CVE-2025-60568 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall. | |||
| CVE-2025-60570 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery. | |||
| CVE-2025-60569 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute. | |||
| CVE-2025-60550 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone. | |||
| CVE-2025-60559 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter. | |||
| CVE-2025-60566 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter. | |||
| CVE-2025-60548 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. | |||
| CVE-2025-60561 | 0.00 | — | 0.00 | Oct 24, 2025 | D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail. |
- risk 0.64cvss 9.8epss 0.00
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The…
- risk 0.64cvss 9.8epss 0.00
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The…
- risk 0.64cvss 9.8epss 0.02
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
- risk 0.31cvss 4.7epss 0.05
A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The…
- CVE-2025-15194Dec 29, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to…
- CVE-2025-60558Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
- CVE-2025-60571Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.
- CVE-2025-60553Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
- CVE-2025-60551Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.
- CVE-2025-60547Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.
- CVE-2025-60562Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.
- CVE-2025-60565Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.
- CVE-2025-60568Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
- CVE-2025-60570Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.
- CVE-2025-60569Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
- CVE-2025-60550Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.
- CVE-2025-60559Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.
- CVE-2025-60566Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
- CVE-2025-60548Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
- CVE-2025-60561Oct 24, 2025risk 0.00cvss —epss 0.00
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.
Page 1 of 2