CVE-2025-4348: D-Link DIR-600L formSetWanL2TP buffer overflow
First published: Tue May 06 2025(Updated: )
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-600L Firmware | <=2.07B01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4348?
CVE-2025-4348 is rated as critical due to the potential for remote exploitation leading to a buffer overflow.
How do I fix CVE-2025-4348?
To mitigate CVE-2025-4348, update the D-Link DIR-600L to the latest firmware version beyond 2.07B01.
What products are affected by CVE-2025-4348?
CVE-2025-4348 affects the D-Link DIR-600L router running firmware versions up to 2.07B01.
Can CVE-2025-4348 be exploited remotely?
Yes, CVE-2025-4348 can be exploited remotely, which makes it particularly concerning for network security.
What specific function is vulnerable in CVE-2025-4348?
The vulnerable function in CVE-2025-4348 is formSetWanL2TP, which is susceptible to buffer overflow due to argument manipulation.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/d-link
- canonical/d-link dir-600l firmware