Vulnerability Details CVE-2025-15194
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md
- https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md#poc
- https://vuldb.com/?ctiid.338581
- https://vuldb.com/?id.338581
- https://vuldb.com/?submit.724404
- https://www.dlink.com/
Products affected by CVE-2025-15194
-
cpe:2.3:h:dlink:dir-600:b2
-
cpe:2.3:o:dlink:dir-600_firmware:2.15ww