Summary
| Detail | |||
|---|---|---|---|
| Vendor | Dlink | First view | 2015-05-01 |
| Product | Dir-605l Firmware | Last view | 2025-05-23 |
| Version | 2.13b01 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:dlink:dir-605l_firmware | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-05-23 | CVE-2025-46176 | Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. |
| 9.8 | 2025-05-09 | CVE-2025-4445 | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. |
| 9.8 | 2025-05-09 | CVE-2025-4443 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. |
| 9.8 | 2025-05-09 | CVE-2025-4442 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. |
| 9.8 | 2025-05-08 | CVE-2025-4441 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. |
| 8.8 | 2024-11-28 | CVE-2024-11960 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-11-28 | CVE-2024-11959 | A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-07 | CVE-2024-9565 | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-07 | CVE-2024-9564 | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-07 | CVE-2024-9563 | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9562 | A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9561 | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9559 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9558 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9557 | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9556 | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9555 | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9553 | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9552 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9551 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9550 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-06 | CVE-2024-9549 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-05 | CVE-2024-9535 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-05 | CVE-2024-9534 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| 8.8 | 2024-10-05 | CVE-2024-9533 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 38% (10) | CWE-787 | Out-of-bounds Write |
| 30% (8) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 15% (4) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 7% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 7% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-07-13 | UPnP AddPortMapping SOAP action command injection attempt RuleID : 34799 - Type : SERVER-WEBAPP - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-05-01 | Name: A software development kit running on the remote device is affected by a remo... File: realtek_cve_2014_8361.nasl - Type: ACT_GATHER_INFO |
