CVE-2025-4349: D-Link DIR-600L formSysCmd command injection
First published: Tue May 06 2025(Updated: )
A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-600L Firmware | <=2.07B01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4349?
CVE-2025-4349 is classified as a critical vulnerability.
How do I fix CVE-2025-4349?
To mitigate CVE-2025-4349, update the D-Link DIR-600L firmware to the latest version beyond 2.07B01.
What is the impact of CVE-2025-4349?
CVE-2025-4349 allows for remote command injection due to improper handling of the argument host.
Which devices are affected by CVE-2025-4349?
CVE-2025-4349 affects D-Link DIR-600L devices running firmware version up to 2.07B01.
Is CVE-2025-4349 exploitable over the internet?
Yes, CVE-2025-4349 can be exploited remotely, making it critical for internet-connected devices.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/title
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/d-link
- canonical/d-link dir-600l firmware