CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

May 6, 2025

CVE ID : CVE-2025-4349

Published : May 6, 2025, 12:15 p.m. | 2 hours, 44 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4350 – D-Link DIR-600L Wake-on-LAN Command Injection Vulnerability

Next Article CVE-2025-0984 – Netoloji Software E-Flow Cross-site Scripting (XSS) and File Content Injection Vulnerability

Highlights

CVE-2024-13569 – WordPress Front End Users Reflected Cross-Site Scripting

April 22, 2025

CVE ID : CVE-2024-13569

Published : April 22, 2025, 6:15 a.m. | 55 minutes ago

Description : The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Rilasciata Melawy Linux: Una Distribuzione GNU/Linux Basata su Arch con KDE Plasma

CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits

Cosmic Expansion – space 2D shooter game

Canonical Brings Ubuntu 24.04 to Qualcomm Dragonwing Vision Kit

CVE-2024-13569 – WordPress Front End Users Reflected Cross-Site Scripting

Pigment extracts color palettes from your images

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

CVE-2025-49252 – ThemBay Besa PHP Remote File Inclusion

CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Related Posts