
Description

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. It affects an unknown function of the file hedwig.cgi in the HTTP Header Handler component. Manipulating the Cookie argument results in a stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2025-12-28 | Published 2025-12-29 | Updated 2025-12-29 | Assigner VulDB




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CRITICAL: 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

2.15WWb02: affected

Timeline

2025-12-28: Advisory disclosed
2025-12-28: VulDB entry created
2025-12-28: VulDB entry last update

Credits

LonTan0 (VulDB User) reporter

References

vuldb.com/?id.338581 (VDB-338581 | D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.338581 (VDB-338581 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.724404 (Submit #724404 | D-Link DIR-600 v2.15WWb02 and possibly earlier versions Stack-based Buffer Overflow) third-party-advisory

github.com/...lnerability in hedwig.cgi of D-Link DIR-600.md related

github.com/...lnerability in hedwig.cgi of D-Link DIR-600.md exploit

www.dlink.com/ product

cve.org (CVE-2025-15194)

nvd.nist.gov (CVE-2025-15194)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.