D-Link Dir-600 vulnerabilities

CVE-2026-2163 [MEDIUM] CWE-74 CVE-2026-2163: A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects

CVE-2026-0625 [CRITICAL] CWE-306 CVE-2026-0625: Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vul Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hij

CVE-2025-15194 [HIGH] CWE-119 CVE-2025-15194: A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an un A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be

CVE-2018-25115 [CRITICAL] CWE-78 CVE-2018-25115: Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter

CVE-2013-10048 [CRITICAL] CWE-78 CVE-2013-10048: An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privil

CVE-2024-7357 [MEDIUM] CWE-78 CVE-2024-7357: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be us