Sign-up

ID

VAR-202505-0109


CVE

CVE-2025-4345


TITLE

D-Link Systems, Inc.  of  DIR-600L  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004728

DESCRIPTION

A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is a wireless router from D-Link, a Chinese company. The vulnerability is caused by the parameter host of the function formSetLog failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4345 // JVNDB: JVNDB-2025-004728 // CNVD: CNVD-2025-11196

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11196

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-600lscope:lteversion:2.07b01

Trust: 1.0

vendor:d linkmodel:dir-600lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-600lscope:lteversion:dir-600l firmware 2.07b01 and earlier

Trust: 0.8

vendor:d linkmodel:dir-600l <=2.07b01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11196 // JVNDB: JVNDB-2025-004728 // NVD: CVE-2025-4345

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4345
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4345
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004728
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-11196
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-4345
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004728
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11196
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4345
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4345
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-004728
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11196 // JVNDB: JVNDB-2025-004728 // NVD: CVE-2025-4345 // NVD: CVE-2025-4345

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004728 // NVD: CVE-2025-4345

EXTERNAL IDS

db:NVDid:CVE-2025-4345

Trust: 3.2

db:VULDBid:307463

Trust: 1.8

db:JVNDBid:JVNDB-2025-004728

Trust: 0.8

db:CNVDid:CNVD-2025-11196

Trust: 0.6

sources: CNVD: CNVD-2025-11196 // JVNDB: JVNDB-2025-004728 // NVD: CVE-2025-4345

REFERENCES

url:https://vuldb.com/?id.307463

Trust: 1.8

url:https://vuldb.com/?submit.558298

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.307463

Trust: 1.6

url:https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir600l/buffer_overflow-formsetlog-curtime/readme.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4345

Trust: 0.8

sources: CNVD: CNVD-2025-11196 // JVNDB: JVNDB-2025-004728 // NVD: CVE-2025-4345

SOURCES

db:CNVDid:CNVD-2025-11196
db:JVNDBid:JVNDB-2025-004728
db:NVDid:CVE-2025-4345

LAST UPDATE DATE

2025-06-02T23:27:02.942000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11196date:2025-05-30T00:00:00
db:JVNDBid:JVNDB-2025-004728date:2025-05-13T05:38:00
db:NVDid:CVE-2025-4345date:2025-05-12T17:29:38.077

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11196date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-004728date:2025-05-13T00:00:00
db:NVDid:CVE-2025-4345date:2025-05-06T10:15:16.460