Test ID:	1.3.6.1.4.1.25623.1.0.171267
Category:	Web application abuses
Title:	D-Link DIR-600 Multiple Vulnerabilities (2023-2024)
Summary:	D-Link DIR-600 devices are prone to multiple; vulnerabilities.
Description:	Summary: D-Link DIR-600 devices are prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2023-33625: Command injection in ssdp.cgi binary - CVE-2023-33626: Stack overflow via the gena.cgi binary - CVE-2024-7357: OS command injection in the function soapcgi_main of the file /soap.cgi Affected Software/OS: D-Link DIR-600 devices in all versions. Solution: No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. Note: Vendor states that DIR-600 reached its End-of-Support Date in 01.12.2010, it is no longer supported, and firmware development has ceased. See vendor advisory for further recommendations. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-33625 https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection https://hackmd.io/@naihsin/By2datZD2 https://www.dlink.com/en/security-bulletin/ Common Vulnerability Exposure (CVE) ID: CVE-2023-33626 https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow Common Vulnerability Exposure (CVE) ID: CVE-2024-7357
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.