Primary

Context

D-Link DIR-600L Command Injection Vulnerability in Wake-on-LAN Function

Vulnerability

A critical command injection vulnerability has been identified in the D-Link DIR-600L router, affecting versions prior to 2.07B01. This vulnerability arises in the wake-on-lan function, where improper handling of the host argument allows for remote command injection. The issue is present in products that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the DIR-600L router's wake-on-lan function with a crafted host argument that includes malicious payloads. The router must be running a vulnerable firmware version and not be under active support from D-Link.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-600L Command Injection Vulnerability in Wake-on-LAN Function

Vulnerability

Impact

Reproduction

Affected Products

D-Link DIR-600L

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating