D-Link DIR-605L Command Injection Vulnerability in Wake-on-LAN Function

Vulnerability

A critical command injection vulnerability has been identified in the D-Link DIR-605L router, specifically in version 2.13B01. The issue arises in the wake-on-lan function, where improper handling of the MAC address argument allows for remote command injection. This vulnerability affects devices that are no longer supported by the vendor.
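The defensive pattern for this class of flaw, as an added example that is not D-Link firmware code and not part of the original advisory: parse the MAC argument strictly into six bytes and rebuild the string from those bytes, so no caller-supplied characters are carried forward. The function names are hypothetical, and it is an assumption (inferred from the description above) that the firmware hands the MAC to a command as text.

```c
#include <stdio.h>
#include <string.h>

/* Convert one hex digit to its value; -1 if the character is not hex. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Strictly parse "XX:XX:XX:XX:XX:XX" (or '-' separated) into 6 bytes.
 * Exact length, one consistent separator, hex digits only.
 * Returns 0 on success, -1 on any deviation.
 */
int parse_mac(const char *in, unsigned char out[6])
{
    if (in == NULL || strlen(in) != 17)
        return -1;
    char sep = in[2];
    if (sep != ':' && sep != '-')
        return -1;
    for (int i = 0; i < 6; i++) {
        int hi = hex_val(in[i * 3]);
        int lo = hex_val(in[i * 3 + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        if (i < 5 && in[i * 3 + 2] != sep)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/*
 * Validate untrusted input and write a canonical MAC string rebuilt from
 * the parsed bytes, so the output holds only hex digits and colons.
 */
int canonical_mac(const char *untrusted, char *dst, size_t dstlen)
{
    unsigned char mac[6];
    if (dstlen < 18 || parse_mac(untrusted, mac) != 0)
        return -1;
    snprintf(dst, dstlen, "%02x:%02x:%02x:%02x:%02x:%02x",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return 0;
}
```

Passing the canonical string as its own argv element to an exec-family call, rather than through system(), keeps a shell out of the path altogether.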

Impact

An attacker who exploits this vulnerability can execute arbitrary commands on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the DIR-605L router's wake-on-lan function with a crafted MAC address that exploits the command injection flaw. This can be done remotely, targeting the specific version 2.13B01.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.