ID
VAR-202505-0120
CVE
CVE-2025-4347
TITLE
D-Link Systems, Inc. of DIR-600L Buffer error vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the formWlSiteSurvey function fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dir-600l | scope: | lte | version: | 2.07b01 | Trust: 1.0 |
| vendor: | d link | model: | dir-600l | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dir-600l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dir-600l | scope: | lte | version: | dir-600l firmware 2.07b01 and earlier | Trust: 0.8 |
| vendor: | d link | model: | dir-600l <=2.07b01 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | CWE-119 | Trust: 1.0 |
| problemtype: | Buffer error (CWE-119) [ others ] | Trust: 0.8 |
| problemtype: | Classic buffer overflow (CWE-120) [NVD evaluation ] | Trust: 0.8 |
| problemtype: | Classic buffer overflow (CWE-120) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-4347 | Trust: 3.2 |
| db: | VULDB | id: | 307465 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2025-004824 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-11226 | Trust: 0.6 |
REFERENCES
| url: | https://vuldb.com/?submit.558300 | Trust: 2.4 |
| url: | https://vuldb.com/?id.307465 | Trust: 1.8 |
| url: | https://www.dlink.com/ | Trust: 1.8 |
| url: | https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir600l/buffer_overflow-formwlsitesurvey-curtime/readme.md | Trust: 1.0 |
| url: | https://vuldb.com/?ctiid.307465 | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-4347 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-11226 |
| db: | JVNDB | id: | JVNDB-2025-004824 |
| db: | NVD | id: | CVE-2025-4347 |
LAST UPDATE DATE
2025-06-01T23:15:39.048000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-11226 | date: | 2025-05-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-004824 | date: | 2025-05-13T12:49:00 |
| db: | NVD | id: | CVE-2025-4347 | date: | 2025-05-12T17:29:52.680 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-11226 | date: | 2025-05-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-004824 | date: | 2025-05-13T00:00:00 |
| db: | NVD | id: | CVE-2025-4347 | date: | 2025-05-06T11:15:52.457 |