DIR-600
by Dlink
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12943 | Cri | 0.70 | 9.8 | 0.39 | Aug 18, 2017 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | ||
| CVE-2014-100005 | Hig | 0.70 | 8.0 | 0.42 | KEV | Jan 13, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management… | |
| CVE-2023-33625 | 0.10 | — | 0.33 | Jun 12, 2023 | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. | |||
| CVE-2013-10069 | 0.09 | — | 0.12 | Aug 5, 2025 | The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw… | |||
| CVE-2013-10048 | 0.09 | — | 0.12 | Aug 1, 2025 | An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST… | |||
| CVE-2013-7471 | 0.02 | — | 0.24 | Jun 11, 2019 | An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or… | |||
| CVE-2025-15194 | 0.00 | — | 0.01 | Dec 29, 2025 | A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to… | |||
| CVE-2018-25115 | 0.00 | — | 0.09 | Aug 27, 2025 | Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication.… | |||
| CVE-2025-4350 | 0.00 | — | 0.03 | May 6, 2025 | A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects… | |||
| CVE-2025-4349 | 0.00 | — | 0.03 | May 6, 2025 | A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects… | |||
| CVE-2025-4348 | 0.00 | — | 0.02 | May 6, 2025 | A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects… | |||
| CVE-2025-4347 | 0.00 | — | 0.01 | May 6, 2025 | A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability… | |||
| CVE-2025-4346 | 0.00 | — | 0.01 | May 6, 2025 | A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only… | |||
| CVE-2025-4345 | 0.00 | — | 0.01 | May 6, 2025 | A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability only affects products that… | |||
| CVE-2025-4344 | 0.00 | — | 0.01 | May 6, 2025 | A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects… | |||
| CVE-2025-4343 | 0.00 | — | 0.01 | May 6, 2025 | A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and classified as critical. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. This vulnerability only… | |||
| CVE-2025-4342 | 0.00 | — | 0.01 | May 6, 2025 | A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This… | |||
| CVE-2024-7357 | 0.00 | — | 0.06 | Aug 1, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be… | |||
| CVE-2024-33774 | 0.00 | — | 0.01 | May 10, 2024 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." | |||
| CVE-2024-33773 | 0.00 | — | 0.01 | May 10, 2024 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
- risk 0.70cvss 9.8epss 0.39
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
- risk 0.70cvss 8.0epss 0.42
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management…
- CVE-2023-33625Jun 12, 2023risk 0.10cvss —epss 0.33
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
- CVE-2013-10069Aug 5, 2025risk 0.09cvss —epss 0.12
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw…
- CVE-2013-10048Aug 1, 2025risk 0.09cvss —epss 0.12
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST…
- CVE-2013-7471Jun 11, 2019risk 0.02cvss —epss 0.24
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or…
- CVE-2025-15194Dec 29, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to…
- CVE-2018-25115Aug 27, 2025risk 0.00cvss —epss 0.09
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication.…
- CVE-2025-4350May 6, 2025risk 0.00cvss —epss 0.03
A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects…
- CVE-2025-4349May 6, 2025risk 0.00cvss —epss 0.03
A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects…
- CVE-2025-4348May 6, 2025risk 0.00cvss —epss 0.02
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects…
- CVE-2025-4347May 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability…
- CVE-2025-4346May 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only…
- CVE-2025-4345May 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability only affects products that…
- CVE-2025-4344May 6, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects…
- CVE-2025-4343May 6, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and classified as critical. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. This vulnerability only…
- CVE-2025-4342May 6, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This…
- CVE-2024-7357Aug 1, 2024risk 0.00cvss —epss 0.06
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be…
- CVE-2024-33774May 10, 2024risk 0.00cvss —epss 0.01
A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
- CVE-2024-33773May 10, 2024risk 0.00cvss —epss 0.01
A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
Page 1 of 2