ID

VAR-202512-2587


CVE

CVE-2025-15194


TITLE

Multiple vulnerabilities in D-Link Corporation DIR-600 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687

DESCRIPTION

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. It affects an unknown function in the file hedwig.cgi of the HTTP Header Handler component. Manipulating the Cookie argument results in a stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. Exploits are publicly available and can be used in the wild. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-15194 // JVNDB: JVNDB-2025-024687

AFFECTED PRODUCTS

vendor: dlink // model: dir-600 // scope: eq // version: 2.15ww

Trust: 1.0

vendor: d link // model: dir-600 // scope: eq // version: dir-600 firmware 2.15ww

Trust: 0.8

vendor: d link // model: dir-600 // scope: - // version: -

Trust: 0.8

vendor: d link // model: dir-600 // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687 // NVD: CVE-2025-15194

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-15194
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-024687
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2025-15194
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-024687
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-15194
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-024687
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687 // NVD: CVE-2025-15194

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687 // NVD: CVE-2025-15194

PATCH

title: D-Link DIR-600 v2.15WWb02 and possibly earlier versions Stack-based Buffer Overflow
url: https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687

EXTERNAL IDS

db: NVD // id: CVE-2025-15194

Trust: 2.6

db: VULDB // id: 338581

Trust: 1.0

db: JVNDB // id: JVNDB-2025-024687

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687 // NVD: CVE-2025-15194

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?id.338581

Trust: 1.0

url:https://vuldb.com/?submit.724404

Trust: 1.0

url:https://github.com/lontan0/cve/blob/main/stack-based%20buffer%20overflow%20vulnerability%20in%20hedwig.cgi%20of%20d-link%20dir-600.md#poc

Trust: 1.0

url:https://vuldb.com/?ctiid.338581

Trust: 1.0

url:https://github.com/lontan0/cve/blob/main/stack-based%20buffer%20overflow%20vulnerability%20in%20hedwig.cgi%20of%20d-link%20dir-600.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-15194

Trust: 0.8

sources: JVNDB: JVNDB-2025-024687 // NVD: CVE-2025-15194

SOURCES

db: JVNDB // id: JVNDB-2025-024687
db: NVD // id: CVE-2025-15194

LAST UPDATE DATE

2026-01-16T23:10:14.466000+00:00


SOURCES UPDATE DATE

db: JVNDB // id: JVNDB-2025-024687 // date: 2026-01-15T07:20:00
db: NVD // id: CVE-2025-15194 // date: 2026-01-13T21:11:47.320

SOURCES RELEASE DATE

db: JVNDB // id: JVNDB-2025-024687 // date: 2026-01-15T00:00:00
db: NVD // id: CVE-2025-15194 // date: 2025-12-29T16:15:41.890