CVE-2025-4350
Published: 06 May 2025
Summary
CVE-2025-4350 is a high-severity Injection (CWE-74) vulnerability in Dlink Dir-600L Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A critical command injection vulnerability exists in the wake_on_lan function of D-Link DIR-600L routers up to firmware version 2.07B01. The flaw stems from insufficient sanitization of the host argument and is tracked under CWE-74 and CWE-77. It affects only end-of-life hardware that is no longer supported by the vendor and carries a CVSS 4.0 score of 8.7 with network attack vector and low complexity.
An authenticated remote attacker can supply a crafted host value to the affected function and execute arbitrary operating-system commands on the device. Successful exploitation grants the attacker the ability to read, modify, or delete data and to alter device behavior without user interaction.
Public references consist of a technical disclosure on VulDB and an accompanying repository entry; no vendor patch or mitigation guidance is available because the product line has been discontinued. The associated EPSS score has remained flat at 0.0533 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-13583
Vulnerability details
A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products…
more
that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in the router's public-facing web interface (wake_on_lan host parameter) enables exploitation of public-facing applications (T1190), indirect command execution via system() call (T1202), and arbitrary OS command execution on the network device (T1059.008).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.