Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for DIR-600 by D-Link

    CVE-2026-2163 (GCVE-0-2026-2163)

    Vulnerability from nvd – Published: 2026-02-08 16:32 – Updated: 2026-02-23 09:44 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-600 ssdp.cgi command injection
    Summary
    A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 2.15WWb02
    Create a notification for this product.
    Credits
    LonTan0 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2163",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T21:15:25.529171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T21:15:34.885Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.15WWb02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LonTan0 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T09:44:29.113Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-344865 | D-Link DIR-600 ssdp.cgi command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.344865"
            },
            {
              "name": "VDB-344865 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.344865"
            },
            {
              "name": "Submit #751764 | D-Link D-Link DIR-600 v2.15WWb02 Remote Arbitrary Command Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.751764"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-07T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-12T08:47:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-600 ssdp.cgi command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-2163",
        "datePublished": "2026-02-08T16:32:09.507Z",
        "dateReserved": "2026-02-07T09:06:36.248Z",
        "dateUpdated": "2026-02-23T09:44:29.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0625 (GCVE-0-2026-0625)

    Vulnerability from nvd – Published: 2026-01-05 21:14 – Updated: 2026-05-25 23:41 Unsupported When Assigned X_Known Exploited Vulnerability
    VLAI KEVIntel
    Title
    D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint
    Summary
    Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Credits
    The Shadowserver Foundation VulnCheck
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T17:34:19.015227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T17:34:41.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "DSL-2640B",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-2740R",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-2780B",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-526B",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-2640T",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-500",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-500G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-502G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-905L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-608",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-610",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-611",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DNS-320",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DNS-325",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DNS-345",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dsl-2640b_firmware:eu_4.01b:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dsl-2740r_firmware:uk_1.01:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dsl-2740r:-:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dsl-2640t:-:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dsl-2640t_firmware:-:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The Shadowserver Foundation"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulnCheck"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device\u2019s DNS settings without valid credentials, enabling DNS hijacking (\u201cDNSChanger\u201d) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the \"GhostDNS\" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).\u003cbr\u003e"
                }
              ],
              "value": "Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device\u2019s DNS settings without valid credentials, enabling DNS hijacking (\u201cDNSChanger\u201d) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the \"GhostDNS\" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:41:34.467Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "mitigation"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10488"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10068"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10118"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "D-Link Systems, Inc. recommends retiring these products and replacing them with products that receive firmware updates.\u003cbr\u003e"
                }
              ],
              "value": "D-Link Systems, Inc. recommends retiring these products and replacing them with products that receive firmware updates."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned",
            "x_known-exploited-vulnerability"
          ],
          "title": "D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-0625",
        "datePublished": "2026-01-05T21:14:48.992Z",
        "dateReserved": "2026-01-05T20:59:29.705Z",
        "dateUpdated": "2026-05-25T23:41:34.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15194 (GCVE-0-2025-15194)

    Vulnerability from nvd – Published: 2025-12-29 15:32 – Updated: 2025-12-29 16:10 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow
    Summary
    A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 2.15WWb02
    Create a notification for this product.
    Credits
    LonTan0 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15194",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:10:02.625446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:10:13.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP Header Handler"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.15WWb02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LonTan0 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T15:32:09.818Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338581 | D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338581"
            },
            {
              "name": "VDB-338581 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338581"
            },
            {
              "name": "Submit #724404 | D-Link DIR-600 v2.15WWb02 and possibly earlier versions Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.724404"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:37:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15194",
        "datePublished": "2025-12-29T15:32:09.818Z",
        "dateReserved": "2025-12-28T09:32:14.530Z",
        "dateUpdated": "2025-12-29T16:10:13.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-25115 (GCVE-0-2018-25115)

    Vulnerability from nvd – Published: 2025-08-27 21:24 – Updated: 2026-05-25 23:40 X_Known Exploited Vulnerability Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-110/412/600/615/645/815 RCE via service.cgi
    Summary
    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Date Public
    2018-01-10 00:00
    Credits
    Cr0n1c
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T13:53:40.553346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T13:55:16.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-110",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-412",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-645",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-110:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-100:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-600:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-815:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cr0n1c"
            }
          ],
          "datePublic": "2018-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2025-08-21 UTC.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:40:59.072Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/43496"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://legacy.us.dlink.com/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://support.dlink.com/EndOfLifePolicy.aspx"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_known-exploited-vulnerability",
            "unsupported-when-assigned"
          ],
          "title": "D-Link DIR-110/412/600/615/645/815 RCE via service.cgi",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25115",
        "datePublished": "2025-08-27T21:24:23.427Z",
        "dateReserved": "2025-08-25T17:39:38.473Z",
        "dateUpdated": "2026-05-25T23:40:59.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-10048 (GCVE-0-2013-10048)

    Vulnerability from nvd – Published: 2025-08-01 20:39 – Updated: 2026-05-15 11:14 Unsupported When Assigned
    VLAI
    Title
    D-Link Devices command.php Unauthenticated RCE
    Summary
    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 0 , ≤ 2.14b01 (custom)
    Create a notification for this product.
    D-Link DIR-300 Affected: 0 , ≤ 2.13 (custom)
    Create a notification for this product.
    Date Public
    2013-02-05 00:00
    Credits
    Michael Messner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10048",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T14:21:52.250244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T14:22:11.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/27528"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.14b01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-600:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.14b01",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-300:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated \u003ccode\u003ecommand.php\u003c/code\u003e endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the \u003ccode\u003ecmd\u003c/code\u003e parameter.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T11:14:13.668Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/24453"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/27528"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20131022221648/http://www.s3cur1ty.de/m1adv2013-003"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "D-Link Devices command.php Unauthenticated RCE",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10048",
        "datePublished": "2025-08-01T20:39:20.417Z",
        "dateReserved": "2025-08-01T14:08:41.917Z",
        "dateUpdated": "2026-05-15T11:14:13.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7357 (GCVE-0-2024-7357)

    Vulnerability from nvd – Published: 2024-08-01 13:00 – Updated: 2024-08-07 13:55 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-600 soap.cgi soapcgi_main os command injection
    Summary
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Affected: 2.3
    Affected: 2.4
    Affected: 2.5
    Affected: 2.6
    Affected: 2.7
    Affected: 2.8
    Affected: 2.9
    Affected: 2.10
    Affected: 2.11
    Affected: 2.12
    Affected: 2.13
    Affected: 2.14
    Affected: 2.15
    Affected: 2.16
    Affected: 2.17
    Affected: 2.18
    Create a notification for this product.
    d-link dir-600 Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Affected: 2.3
    Affected: 2.4
    Affected: 2.5
    Affected: 2.6
    Affected: 2.7
    Affected: 2.8
    Affected: 2.9
    Affected: 2.10
    Affected: 2.11
    Affected: 2.12
    Affected: 2.13
    Affected: 2.14
    Affected: 2.15
    Affected: 2.16
    Affected: 2.17
    Affected: 2.18
        cpe:2.3:h:d-link:dir-600:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    BeaCox (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:d-link:dir-600:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dir-600",
                "vendor": "d-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  },
                  {
                    "status": "affected",
                    "version": "2.3"
                  },
                  {
                    "status": "affected",
                    "version": "2.4"
                  },
                  {
                    "status": "affected",
                    "version": "2.5"
                  },
                  {
                    "status": "affected",
                    "version": "2.6"
                  },
                  {
                    "status": "affected",
                    "version": "2.7"
                  },
                  {
                    "status": "affected",
                    "version": "2.8"
                  },
                  {
                    "status": "affected",
                    "version": "2.9"
                  },
                  {
                    "status": "affected",
                    "version": "2.10"
                  },
                  {
                    "status": "affected",
                    "version": "2.11"
                  },
                  {
                    "status": "affected",
                    "version": "2.12"
                  },
                  {
                    "status": "affected",
                    "version": "2.13"
                  },
                  {
                    "status": "affected",
                    "version": "2.14"
                  },
                  {
                    "status": "affected",
                    "version": "2.15"
                  },
                  {
                    "status": "affected",
                    "version": "2.16"
                  },
                  {
                    "status": "affected",
                    "version": "2.17"
                  },
                  {
                    "status": "affected",
                    "version": "2.18"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7357",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T13:50:41.237527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:55:58.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                },
                {
                  "status": "affected",
                  "version": "2.3"
                },
                {
                  "status": "affected",
                  "version": "2.4"
                },
                {
                  "status": "affected",
                  "version": "2.5"
                },
                {
                  "status": "affected",
                  "version": "2.6"
                },
                {
                  "status": "affected",
                  "version": "2.7"
                },
                {
                  "status": "affected",
                  "version": "2.8"
                },
                {
                  "status": "affected",
                  "version": "2.9"
                },
                {
                  "status": "affected",
                  "version": "2.10"
                },
                {
                  "status": "affected",
                  "version": "2.11"
                },
                {
                  "status": "affected",
                  "version": "2.12"
                },
                {
                  "status": "affected",
                  "version": "2.13"
                },
                {
                  "status": "affected",
                  "version": "2.14"
                },
                {
                  "status": "affected",
                  "version": "2.15"
                },
                {
                  "status": "affected",
                  "version": "2.16"
                },
                {
                  "status": "affected",
                  "version": "2.17"
                },
                {
                  "status": "affected",
                  "version": "2.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BeaCox (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in D-Link DIR-600 bis 2.18 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion soapcgi_main der Datei /soap.cgi. Dank Manipulation des Arguments service mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T13:00:09.320Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273329 | D-Link DIR-600 soap.cgi soapcgi_main os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273329"
            },
            {
              "name": "VDB-273329 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273329"
            },
            {
              "name": "Submit #383695 | D-Link DIR-600  2.18 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.383695"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BeaCox/IoT_vuln/tree/main/D-Link/DIR-600/soapcgi_main_injection"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10408"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-01T08:16:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-600 soap.cgi soapcgi_main os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7357",
        "datePublished": "2024-08-01T13:00:09.320Z",
        "dateReserved": "2024-08-01T06:10:51.582Z",
        "dateUpdated": "2024-08-07T13:55:58.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-2163 (GCVE-0-2026-2163)

    Vulnerability from cvelistv5 – Published: 2026-02-08 16:32 – Updated: 2026-02-23 09:44 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-600 ssdp.cgi command injection
    Summary
    A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 2.15WWb02
    Create a notification for this product.
    Credits
    LonTan0 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2163",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T21:15:25.529171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T21:15:34.885Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.15WWb02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LonTan0 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T09:44:29.113Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-344865 | D-Link DIR-600 ssdp.cgi command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.344865"
            },
            {
              "name": "VDB-344865 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.344865"
            },
            {
              "name": "Submit #751764 | D-Link D-Link DIR-600 v2.15WWb02 Remote Arbitrary Command Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.751764"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-07T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-12T08:47:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-600 ssdp.cgi command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-2163",
        "datePublished": "2026-02-08T16:32:09.507Z",
        "dateReserved": "2026-02-07T09:06:36.248Z",
        "dateUpdated": "2026-02-23T09:44:29.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0625 (GCVE-0-2026-0625)

    Vulnerability from cvelistv5 – Published: 2026-01-05 21:14 – Updated: 2026-05-25 23:41 Unsupported When Assigned X_Known Exploited Vulnerability
    VLAI KEVIntel
    Title
    D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint
    Summary
    Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Credits
    The Shadowserver Foundation VulnCheck
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T17:34:19.015227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T17:34:41.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "DSL-2640B",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-2740R",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-2780B",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-526B",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-2640T",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-500",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-500G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DSL-502G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-905L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-608",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-610",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-611",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DNS-320",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DNS-325",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DNS-345",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dsl-2640b_firmware:eu_4.01b:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dsl-2740r_firmware:uk_1.01:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dsl-2740r:-:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dsl-2640t:-:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dsl-2640t_firmware:-:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The Shadowserver Foundation"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulnCheck"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device\u2019s DNS settings without valid credentials, enabling DNS hijacking (\u201cDNSChanger\u201d) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the \"GhostDNS\" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).\u003cbr\u003e"
                }
              ],
              "value": "Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device\u2019s DNS settings without valid credentials, enabling DNS hijacking (\u201cDNSChanger\u201d) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the \"GhostDNS\" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:41:34.467Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "mitigation"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10488"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10068"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10118"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "D-Link Systems, Inc. recommends retiring these products and replacing them with products that receive firmware updates.\u003cbr\u003e"
                }
              ],
              "value": "D-Link Systems, Inc. recommends retiring these products and replacing them with products that receive firmware updates."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned",
            "x_known-exploited-vulnerability"
          ],
          "title": "D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-0625",
        "datePublished": "2026-01-05T21:14:48.992Z",
        "dateReserved": "2026-01-05T20:59:29.705Z",
        "dateUpdated": "2026-05-25T23:41:34.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15194 (GCVE-0-2025-15194)

    Vulnerability from cvelistv5 – Published: 2025-12-29 15:32 – Updated: 2025-12-29 16:10 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow
    Summary
    A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 2.15WWb02
    Create a notification for this product.
    Credits
    LonTan0 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15194",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:10:02.625446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:10:13.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP Header Handler"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.15WWb02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LonTan0 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T15:32:09.818Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338581 | D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338581"
            },
            {
              "name": "VDB-338581 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338581"
            },
            {
              "name": "Submit #724404 | D-Link DIR-600 v2.15WWb02 and possibly earlier versions Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.724404"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:37:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15194",
        "datePublished": "2025-12-29T15:32:09.818Z",
        "dateReserved": "2025-12-28T09:32:14.530Z",
        "dateUpdated": "2025-12-29T16:10:13.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-25115 (GCVE-0-2018-25115)

    Vulnerability from cvelistv5 – Published: 2025-08-27 21:24 – Updated: 2026-05-25 23:40 X_Known Exploited Vulnerability Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-110/412/600/615/645/815 RCE via service.cgi
    Summary
    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Date Public
    2018-01-10 00:00
    Credits
    Cr0n1c
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T13:53:40.553346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T13:55:16.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-110",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-412",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-645",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-110:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-100:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-600:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-815:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cr0n1c"
            }
          ],
          "datePublic": "2018-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2025-08-21 UTC.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:40:59.072Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/43496"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://legacy.us.dlink.com/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://support.dlink.com/EndOfLifePolicy.aspx"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_known-exploited-vulnerability",
            "unsupported-when-assigned"
          ],
          "title": "D-Link DIR-110/412/600/615/645/815 RCE via service.cgi",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25115",
        "datePublished": "2025-08-27T21:24:23.427Z",
        "dateReserved": "2025-08-25T17:39:38.473Z",
        "dateUpdated": "2026-05-25T23:40:59.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-10048 (GCVE-0-2013-10048)

    Vulnerability from cvelistv5 – Published: 2025-08-01 20:39 – Updated: 2026-05-15 11:14 Unsupported When Assigned
    VLAI
    Title
    D-Link Devices command.php Unauthenticated RCE
    Summary
    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 0 , ≤ 2.14b01 (custom)
    Create a notification for this product.
    D-Link DIR-300 Affected: 0 , ≤ 2.13 (custom)
    Create a notification for this product.
    Date Public
    2013-02-05 00:00
    Credits
    Michael Messner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10048",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T14:21:52.250244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T14:22:11.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/27528"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.14b01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-600:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.14b01",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-300:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated \u003ccode\u003ecommand.php\u003c/code\u003e endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the \u003ccode\u003ecmd\u003c/code\u003e parameter.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T11:14:13.668Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/24453"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/27528"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20131022221648/http://www.s3cur1ty.de/m1adv2013-003"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "D-Link Devices command.php Unauthenticated RCE",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10048",
        "datePublished": "2025-08-01T20:39:20.417Z",
        "dateReserved": "2025-08-01T14:08:41.917Z",
        "dateUpdated": "2026-05-15T11:14:13.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7357 (GCVE-0-2024-7357)

    Vulnerability from cvelistv5 – Published: 2024-08-01 13:00 – Updated: 2024-08-07 13:55 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-600 soap.cgi soapcgi_main os command injection
    Summary
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Affected: 2.3
    Affected: 2.4
    Affected: 2.5
    Affected: 2.6
    Affected: 2.7
    Affected: 2.8
    Affected: 2.9
    Affected: 2.10
    Affected: 2.11
    Affected: 2.12
    Affected: 2.13
    Affected: 2.14
    Affected: 2.15
    Affected: 2.16
    Affected: 2.17
    Affected: 2.18
    Create a notification for this product.
    d-link dir-600 Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Affected: 2.3
    Affected: 2.4
    Affected: 2.5
    Affected: 2.6
    Affected: 2.7
    Affected: 2.8
    Affected: 2.9
    Affected: 2.10
    Affected: 2.11
    Affected: 2.12
    Affected: 2.13
    Affected: 2.14
    Affected: 2.15
    Affected: 2.16
    Affected: 2.17
    Affected: 2.18
        cpe:2.3:h:d-link:dir-600:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    BeaCox (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:d-link:dir-600:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dir-600",
                "vendor": "d-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  },
                  {
                    "status": "affected",
                    "version": "2.3"
                  },
                  {
                    "status": "affected",
                    "version": "2.4"
                  },
                  {
                    "status": "affected",
                    "version": "2.5"
                  },
                  {
                    "status": "affected",
                    "version": "2.6"
                  },
                  {
                    "status": "affected",
                    "version": "2.7"
                  },
                  {
                    "status": "affected",
                    "version": "2.8"
                  },
                  {
                    "status": "affected",
                    "version": "2.9"
                  },
                  {
                    "status": "affected",
                    "version": "2.10"
                  },
                  {
                    "status": "affected",
                    "version": "2.11"
                  },
                  {
                    "status": "affected",
                    "version": "2.12"
                  },
                  {
                    "status": "affected",
                    "version": "2.13"
                  },
                  {
                    "status": "affected",
                    "version": "2.14"
                  },
                  {
                    "status": "affected",
                    "version": "2.15"
                  },
                  {
                    "status": "affected",
                    "version": "2.16"
                  },
                  {
                    "status": "affected",
                    "version": "2.17"
                  },
                  {
                    "status": "affected",
                    "version": "2.18"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7357",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T13:50:41.237527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:55:58.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                },
                {
                  "status": "affected",
                  "version": "2.3"
                },
                {
                  "status": "affected",
                  "version": "2.4"
                },
                {
                  "status": "affected",
                  "version": "2.5"
                },
                {
                  "status": "affected",
                  "version": "2.6"
                },
                {
                  "status": "affected",
                  "version": "2.7"
                },
                {
                  "status": "affected",
                  "version": "2.8"
                },
                {
                  "status": "affected",
                  "version": "2.9"
                },
                {
                  "status": "affected",
                  "version": "2.10"
                },
                {
                  "status": "affected",
                  "version": "2.11"
                },
                {
                  "status": "affected",
                  "version": "2.12"
                },
                {
                  "status": "affected",
                  "version": "2.13"
                },
                {
                  "status": "affected",
                  "version": "2.14"
                },
                {
                  "status": "affected",
                  "version": "2.15"
                },
                {
                  "status": "affected",
                  "version": "2.16"
                },
                {
                  "status": "affected",
                  "version": "2.17"
                },
                {
                  "status": "affected",
                  "version": "2.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BeaCox (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in D-Link DIR-600 bis 2.18 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion soapcgi_main der Datei /soap.cgi. Dank Manipulation des Arguments service mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T13:00:09.320Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273329 | D-Link DIR-600 soap.cgi soapcgi_main os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273329"
            },
            {
              "name": "VDB-273329 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273329"
            },
            {
              "name": "Submit #383695 | D-Link DIR-600  2.18 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.383695"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BeaCox/IoT_vuln/tree/main/D-Link/DIR-600/soapcgi_main_injection"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10408"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-01T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-01T08:16:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-600 soap.cgi soapcgi_main os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7357",
        "datePublished": "2024-08-01T13:00:09.320Z",
        "dateReserved": "2024-08-01T06:10:51.582Z",
        "dateUpdated": "2024-08-07T13:55:58.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }