Sign-up

ID

VAR-202505-0092


CVE

CVE-2025-4344


TITLE

D-Link Systems, Inc.  of  DIR-600L  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004715

DESCRIPTION

A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the function formLogin fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4344 // JVNDB: JVNDB-2025-004715 // CNVD: CNVD-2025-11195

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11195

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-600lscope:lteversion:2.07b01

Trust: 1.0

vendor:d linkmodel:dir-600lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:lteversion:dir-600l firmware 2.07b01 and earlier

Trust: 0.8

vendor:d linkmodel:dir-600l <=2.07b01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11195 // JVNDB: JVNDB-2025-004715 // NVD: CVE-2025-4344

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4344
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4344
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004715
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-11195
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-4344
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004715
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11195
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4344
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4344
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004715
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11195 // JVNDB: JVNDB-2025-004715 // NVD: CVE-2025-4344 // NVD: CVE-2025-4344

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004715 // NVD: CVE-2025-4344

EXTERNAL IDS

db:NVDid:CVE-2025-4344

Trust: 3.2

db:VULDBid:307461

Trust: 1.8

db:JVNDBid:JVNDB-2025-004715

Trust: 0.8

db:CNVDid:CNVD-2025-11195

Trust: 0.6

sources: CNVD: CNVD-2025-11195 // JVNDB: JVNDB-2025-004715 // NVD: CVE-2025-4344

REFERENCES

url:https://vuldb.com/?id.307461

Trust: 1.8

url:https://vuldb.com/?submit.558297

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir600l/buffer_overflow-formlogin-curtime/readme.md

Trust: 1.6

url:https://vuldb.com/?ctiid.307461

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4344

Trust: 0.8

sources: CNVD: CNVD-2025-11195 // JVNDB: JVNDB-2025-004715 // NVD: CVE-2025-4344

SOURCES

db:CNVDid:CNVD-2025-11195
db:JVNDBid:JVNDB-2025-004715
db:NVDid:CVE-2025-4344

LAST UPDATE DATE

2025-06-01T23:20:26.250000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11195date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-004715date:2025-05-13T02:28:00
db:NVDid:CVE-2025-4344date:2025-05-12T17:28:56.030

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11195date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-004715date:2025-05-13T00:00:00
db:NVDid:CVE-2025-4344date:2025-05-06T10:15:16.240