Dlink Dir-600 Firmware vulnerabilities

CVE-2026-2163 [MEDIUM] CWE-74 CVE-2026-2163: A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects

CVE-2025-15194 [HIGH] CWE-119 CVE-2025-15194: A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an un A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be

CVE-2013-10069 [CRITICAL] CWE-78 CVE-2013-10069: The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B ( The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enab

CVE-2013-10048 [CRITICAL] CWE-78 CVE-2013-10048: An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privil

CVE-2024-7357 [MEDIUM] CWE-78 CVE-2024-7357: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be us

CVE-2023-33625 [CRITICAL] CWE-77 CVE-2023-33625: D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command inject D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.

CVE-2023-33626 [CRITICAL] CWE-787 CVE-2023-33626: D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.

CVE-2013-7471 [CRITICAL] CWE-77 CVE-2013-7471: An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 be An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.

CVE-2014-100005 [HIGH] CWE-352 CVE-2014-100005: Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with f Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new confi