D-Link Dir 600

By the Year

In 2026 there have been 2 vulnerabilities in D-Link Dir 600, with an average score of 4.7 out of ten. Last year, in 2025, Dir 600 had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Dir 600 in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 5.10.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 2 | 4.70 |
| 2025 | 2 | 9.80 |

It may take a day or so for new Dir 600 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent D-Link Dir 600 Security Vulnerabilities

Command Injection in D-Link DIR-600 ssdp.cgi up to 2.15WWb02
CVE-2026-2163 4.7 - Medium - February 08, 2026

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection

D-Link dnscfg.cgi Auth Bypass in DSL/DIR/DNS Router
CVE-2026-0625 - January 05, 2026

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device's DNS settings without valid credentials, enabling DNS hijacking (DNSChanger) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).

Missing Authentication for Critical Function

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02
CVE-2025-15194 9.8 - Critical - December 29, 2025

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Stack Overflow

D-Link DIR routers v1.03 arbitrary cmd exec via service.cgi CVE-2018-25115
CVE-2018-25115 - August 27, 2025

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.

Shell injection

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev
CVE-2014-100005 8.8 - High - January 13, 2015

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

Session Riding
