Sign-up

ID

VAR-202505-0101


CVE

CVE-2025-4348


TITLE

D-Link Systems, Inc.  of  DIR-600L  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004736

DESCRIPTION

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the formSetWanL2TP function fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4348 // JVNDB: JVNDB-2025-004736 // CNVD: CNVD-2025-11198

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11198

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-600lscope:lteversion:2.07b01

Trust: 1.0

vendor:d linkmodel:dir-600lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:lteversion:dir-600l firmware 2.07b01 and earlier

Trust: 0.8

vendor:d linkmodel:dir-600l <=2.07b01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11198 // JVNDB: JVNDB-2025-004736 // NVD: CVE-2025-4348

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4348
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4348
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004736
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-11198
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-4348
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004736
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11198
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4348
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4348
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004736
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11198 // JVNDB: JVNDB-2025-004736 // NVD: CVE-2025-4348 // NVD: CVE-2025-4348

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004736 // NVD: CVE-2025-4348

EXTERNAL IDS

db:NVDid:CVE-2025-4348

Trust: 3.2

db:VULDBid:307466

Trust: 1.8

db:JVNDBid:JVNDB-2025-004736

Trust: 0.8

db:CNVDid:CNVD-2025-11198

Trust: 0.6

sources: CNVD: CNVD-2025-11198 // JVNDB: JVNDB-2025-004736 // NVD: CVE-2025-4348

REFERENCES

url:https://vuldb.com/?id.307466

Trust: 1.8

url:https://vuldb.com/?submit.558301

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.307466

Trust: 1.6

url:https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir600l/buffer_ovrflow-formsetwanl2tp-curtime/readme.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4348

Trust: 0.8

sources: CNVD: CNVD-2025-11198 // JVNDB: JVNDB-2025-004736 // NVD: CVE-2025-4348

SOURCES

db:CNVDid:CNVD-2025-11198
db:JVNDBid:JVNDB-2025-004736
db:NVDid:CVE-2025-4348

LAST UPDATE DATE

2025-06-01T23:18:53.575000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11198date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-004736date:2025-05-13T05:42:00
db:NVDid:CVE-2025-4348date:2025-05-12T17:30:00.950

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11198date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-004736date:2025-05-13T00:00:00
db:NVDid:CVE-2025-4348date:2025-05-06T11:15:52.640