CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

May 6, 2025

CVE ID : CVE-2025-4349

Published : May 6, 2025, 12:15 p.m. | 2 hours, 44 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4350 – D-Link DIR-600L Wake-on-LAN Command Injection Vulnerability

Next Article CVE-2025-0984 – Netoloji Software E-Flow Cross-site Scripting (XSS) and File Content Injection Vulnerability

Highlights

CVE-2025-8246 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

July 28, 2025

CVE ID : CVE-2025-8246

Published : July 27, 2025, 11:15 p.m. | 1 day ago

Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

The easiest way to try out Ubuntu Linux

THUDM Releases GLM 4: A 32B Parameter Model Competing Head-to-Head with GPT-4o and DeepSeek-V3

CVE-2025-20977 – Samsung Notes Implicit Intent Information Leak Vulnerability

CVE-2025-8246 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-1793 – AWS Run-llama SQL Injection Vulnerability

Turkey Bans Elon Musk’s AI Chatbot Grok After Insults Against Erdogan and Atatürk

CVE-2025-37980 – Linux Kernel Block Driver Resource Leak Vulnerability

CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Related Posts