CVE-2025-4349

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Published: May 6, 2025
Updated: May 13, 2025
CVE: CVE-2025-4349
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dlink / dir-600l_firmware	-	2.07b01.x

https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-formSysCmd-sysCmd/README.md
https://vuldb.com/?ctiid.307467
https://vuldb.com/?id.307467
https://vuldb.com/?submit.558302
https://www.dlink.com/

Vulnerability Database

CVE-2025-4349

Deep Security Visibility Without the Complexity