D-Link Dir 600 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in D-Link Dir 600 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in D-Link Dir 600 Firmware. Last year, in 2025 Dir 600 Firmware had 1 security vulnerability published. Right now, Dir 600 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 1 | 9.80 |
It may take a day or so for new Dir 600 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D-Link Dir 600 Firmware Security Vulnerabilities
OS Command Injection (RCE) in D-Link DIR-600/300 rev B (2.14b01/2.13)
CVE-2013-10069
- August 05, 2025
The web interface of multiple D-Link routers, including DIR-600 rev B (2.14b01) and DIR-300 rev B (2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
Shell injection
D-Link DIR-600 <=2.18 RCE via soapcgi_main
CVE-2024-7357
9.8 - Critical
- August 01, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Shell injection
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev
CVE-2014-100005
8.8 - High
- January 13, 2015
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for D-Link Dir 600 Firmware or by D-Link? Click the Watch button to subscribe.
