CVE-2025-4350

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Published: May 6, 2025
Updated: May 13, 2025
CVE: CVE-2025-4350
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dlink / dir-600l_firmware	-	2.07b01.x

https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-wake_on_lan-mac/README.md
https://vuldb.com/?ctiid.307468
https://vuldb.com/?id.307468
https://vuldb.com/?submit.558303
https://www.dlink.com/

Vulnerability Database

CVE-2025-4350

Deep Security Visibility Without the Complexity