ID
VAR-202505-0177
CVE
CVE-2025-4342
TITLE
D-Link Systems, Inc. of DIR-600L Buffer error vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-600L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-600L is an entry-level wireless router from D-Link, a Chinese company, that supports 150Mbps wireless transmission and four 100Mbps wired ports. D-Link DIR-600L has a buffer overflow vulnerability, which stems from the fact that the parameter host of the function formEasySetupWizard3 fails to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dir-600l | scope: | lte | version: | 2.07b01 | Trust: 1.0 |
| vendor: | d link | model: | dir-600l | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dir-600l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dir-600l | scope: | lte | version: | dir-600l firmware 2.07b01 and earlier | Trust: 0.8 |
| vendor: | d link | model: | dir-600l <=2.07b01 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | CWE-119 | Trust: 1.0 |
| problemtype: | Buffer error (CWE-119) [ others ] | Trust: 0.8 |
| problemtype: | Classic buffer overflow (CWE-120) [NVD evaluation ] | Trust: 0.8 |
| problemtype: | Classic buffer overflow (CWE-120) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-4342 | Trust: 3.2 |
| db: | VULDB | id: | 307460 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2025-004929 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-11193 | Trust: 0.6 |
REFERENCES
| url: | https://vuldb.com/?id.307460 | Trust: 1.8 |
| url: | https://vuldb.com/?submit.558295 | Trust: 1.8 |
| url: | https://www.dlink.com/ | Trust: 1.8 |
| url: | https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir600l/buffer_overflow-formeasysetupwizard3-wan_connected/readme.md | Trust: 1.6 |
| url: | https://vuldb.com/?ctiid.307460 | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-4342 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-11193 |
| db: | JVNDB | id: | JVNDB-2025-004929 |
| db: | NVD | id: | CVE-2025-4342 |
LAST UPDATE DATE
2025-06-01T23:17:42.929000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-11193 | date: | 2025-05-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-004929 | date: | 2025-05-14T06:41:00 |
| db: | NVD | id: | CVE-2025-4342 | date: | 2025-05-13T20:25:14.167 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-11193 | date: | 2025-05-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-004929 | date: | 2025-05-14T00:00:00 |
| db: | NVD | id: | CVE-2025-4342 | date: | 2025-05-06T09:15:26.067 |