Sign-up

ID

VAR-202505-0083


CVE

CVE-2025-4346


TITLE

D-Link Systems, Inc.  of  DIR-600L  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004714

DESCRIPTION

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the formSetWAN_Wizard534 function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4346 // JVNDB: JVNDB-2025-004714 // CNVD: CNVD-2025-11197

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11197

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-600lscope:lteversion:2.07b01

Trust: 1.0

vendor:d linkmodel:dir-600lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:lteversion:dir-600l firmware 2.07b01 and earlier

Trust: 0.8

vendor:d linkmodel:dir-600l <=2.07b01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11197 // JVNDB: JVNDB-2025-004714 // NVD: CVE-2025-4346

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4346
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4346
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004714
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-11197
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-4346
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004714
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11197
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4346
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4346
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11197 // JVNDB: JVNDB-2025-004714 // NVD: CVE-2025-4346 // NVD: CVE-2025-4346

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004714 // NVD: CVE-2025-4346

EXTERNAL IDS

db:NVDid:CVE-2025-4346

Trust: 3.2

db:VULDBid:307464

Trust: 1.8

db:JVNDBid:JVNDB-2025-004714

Trust: 0.8

db:CNVDid:CNVD-2025-11197

Trust: 0.6

sources: CNVD: CNVD-2025-11197 // JVNDB: JVNDB-2025-004714 // NVD: CVE-2025-4346

REFERENCES

url:https://vuldb.com/?submit.558299

Trust: 2.4

url:https://vuldb.com/?id.307464

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.307464

Trust: 1.0

url:https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir600l/buffer_overflow-formsetwan_wizard534-curtime/readme.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4346

Trust: 0.8

sources: CNVD: CNVD-2025-11197 // JVNDB: JVNDB-2025-004714 // NVD: CVE-2025-4346

SOURCES

db:CNVDid:CNVD-2025-11197
db:JVNDBid:JVNDB-2025-004714
db:NVDid:CVE-2025-4346

LAST UPDATE DATE

2025-06-01T23:14:34.457000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11197date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-004714date:2025-05-13T02:28:00
db:NVDid:CVE-2025-4346date:2025-05-12T17:29:43.983

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11197date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-004714date:2025-05-13T00:00:00
db:NVDid:CVE-2025-4346date:2025-05-06T10:15:16.640