CVE-2025-4349
Published: 06 May 2025
Summary
CVE-2025-4349 is a high-severity Injection (CWE-74) vulnerability in D-Link DIR-600L firmware. Its CVSS base score is 8.7 (High).
Operationally, it is ranked in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A critical command injection vulnerability, tracked as CVE-2025-4349, affects the D-Link DIR-600L wireless router in firmware versions up to 2.07B01. The flaw resides in the formSysCmd function, where improper handling of the host argument permits arbitrary command execution. The issue is remotely triggerable and carries a CVSS 4.0 score of 8.7; it impacts only end-of-life hardware that D-Link no longer maintains.
An authenticated attacker with network access can supply a crafted host parameter to the affected function, resulting in execution of operating-system commands on the device. Successful exploitation grants the attacker full control over the router, enabling actions such as configuration changes, traffic interception, or use of the device as a pivot point into the local network.
No vendor patches or mitigation guidance are available because the product line is unsupported. Public references consist primarily of vulnerability disclosures on VulDB and a GitHub repository, with the manufacturer’s site providing no further remediation details.
The associated EPSS score has remained flat at 0.0533 since disclosure, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-13572
Vulnerability details
A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
- Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.