D-Link Dir 605l Firmware

Stack Buffer Overflow in D-Link DIR-605L 1() (RCE)
CVE-2012-10021 - July 31, 2025

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.

Stack Overflow

Critical BF in D-Link DIR-605L 2.13B01 formSetWAN_Wizard55
CVE-2025-4442 9.8 - Critical - May 09, 2025

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 Remote Command Injection via sub_454F2C
CVE-2025-4443 9.8 - Critical - May 09, 2025

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection

Critical WOL cmd injection on D-Link DIR-605L 2.13B01 (wake_on_lan)
CVE-2025-4445 9.8 - Critical - May 09, 2025

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection

DIR-605L 2.13B01 buf overflow in formSetWAN_Wizard534 – CVE-2025-4441
CVE-2025-4441 9.8 - Critical - May 08, 2025

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Classic Buffer Overflow

D-Link DIR-605L Buffer Overflow Vulnerability in formResetStatistic Function
CVE-2024-11959 8.8 - High - November 28, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L Buffer Overflow Vulnerability in formSetPortTr Function
CVE-2024-11960 8.8 - High - November 28, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA: formSetPassword Buffer Overflow via curTime
CVE-2024-9565 8.8 - High - October 07, 2024

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA Buffer Overflow in formWlanWizardSetup
CVE-2024-9564 8.8 - High - October 07, 2024

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA buffer overflow via formWlanSetup_Wizard
CVE-2024-9563 8.8 - High - October 07, 2024

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA buffer overflow via curTime
CVE-2024-9561 8.8 - High - October 06, 2024

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Remote Buffer Overflow in D-Link DIR-605L 2.13B01-BETA Router
CVE-2024-9562 8.8 - High - October 06, 2024

A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

DIR-605L 2.13B01 BETA Overwrite via formWlanSetup Buffer Overflow (CVE-2024-9559)
CVE-2024-9559 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA: formSetWanPPTP buf. overflow (CVE-2024-9558)
CVE-2024-9558 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA Buffer Overflow in formSetWanPPPoE (remote)
CVE-2024-9557 8.8 - High - October 06, 2024

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

DIR-605L 2.13B01 BETA Buffer Overflow via formSetEnableWizard (critical)
CVE-2024-9556 8.8 - High - October 06, 2024

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA Buffer Overflow in formSetEasy_Wizard
CVE-2024-9555 8.8 - High - October 06, 2024

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA formdumpeasysetup Buffer Overflow
CVE-2024-9553 8.8 - High - October 06, 2024

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR605L 2.13B01 Buffer Overflow in formSetWanL2TP (CVE20249551)
CVE-2024-9551 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA: Remote Buffer Overflow in formSetWanNonLogin
CVE-2024-9552 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA buffer overflow via curTime (critical)
CVE-2024-9550 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13b01beta: formEasySetupWizard buffer overflow (critical)
CVE-2024-9549 8.8 - High - October 06, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Critical Buffer Overflow in D-Link DIR-605L 2.13B01 via formEasySetupWWConfig
CVE-2024-9535 8.8 - High - October 05, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Buffer Overflow in D-Link DIR-605L 2.13B01 formEasySetPassword Remote Exploit
CVE-2024-9534 8.8 - High - October 05, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

DIR605L 2.13B01 BETA Buffer Overflow via formDeviceReboot (CVE20249533)
CVE-2024-9533 8.8 - High - October 05, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA Buffer Overflow in formAdvanceSetup
CVE-2024-9532 8.8 - High - October 05, 2024

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Critical CVE-2024-9515: Buffer Overflow in D-Link DIR-605L 2.13B01 QoS Endpoint
CVE-2024-9515 8.8 - High - October 04, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L 2.13B01 BETA: Remote Buffer Overflow in formSetDomainFilter
CVE-2024-9514 8.8 - High - October 04, 2024

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

D-Link DIR-605L v2.13B01 Hardcoded root password in /etc/passwd
CVE-2024-37630 - June 13, 2024

D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.

D-Link DIR-605L 1.17B01 BETA Stack Overflow via /goform/formTcpipSetup
CVE-2023-29961 9.8 - Critical - May 16, 2023

D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,

Memory Corruption

Stack Overflow in D-Link DIR-605L v2.13B01 via /goform/formSetWanDhcpplus
CVE-2023-24347 8.8 - High - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.

Memory Corruption

D-Link DIR-605L N300 stack overflow via wan_connected param (v2.13B01)
CVE-2023-24346 8.8 - High - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.

Memory Corruption

D-Link N300 WiFi Router DIR-605L v2.13B01 Stack Overflow via curTime
CVE-2023-24345 8.8 - High - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.

Memory Corruption

Stack Overflow in D-Link N300 DIR-605L v2.13B01 WebFormWlanGuestSetup
CVE-2023-24344 8.8 - High - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.

Memory Corruption

DIR-605L v2.13B01 Stack Overflow via /goform/formSchedule curTime
CVE-2023-24343 8.8 - High - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.

Memory Corruption

Stack Overflow in D-Link DIR-605L v2.13B01 (curTime)
CVE-2023-24348 9.8 - Critical - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.

Memory Corruption

Stack Overflow in D-Link DIR-605L v2.13B01 via curTime param
CVE-2023-24349 9.8 - Critical - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.

Memory Corruption

D-Link DIR-605L v2.13B01 Stack Overflow via SMTP Email Subject
CVE-2023-24350 9.8 - Critical - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.

Memory Corruption

Stack Overflow in DIR-605L v2.13B01 LOGIN via FILECODE param
CVE-2023-24351 9.8 - Critical - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.

Memory Corruption

Stack Overflow in D-Link N300 DIR-605L v2.13B01 (formWPS)
CVE-2023-24352 9.8 - Critical - February 10, 2023

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.

Memory Corruption

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT
CVE-2021-40655 7.5 - High - September 24, 2021

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

AuthZ