CNNVD-202512-4978 Information

CNNVD ID

CNNVD-202512-4978

Related CVE

CVE-2025-15194

• CNNVD Published: 2025-12-29

Description (Chinese)

D-Link DIR-600是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-600 2.15WWb02及之前版本存在安全漏洞，该漏洞源于对组件HTTP Header Handler的文件hedwig.cgi中参数Cookie的错误操作，可能导致基于栈的缓冲区溢出攻击。

Description (English)

D-Link DIR-600 is a wireless router for the Chinese company D-Link. 2.15 Wb02 and previous versions of D-Link DIR-600 2.15 WWb02 contain a security loophole, which stems from the error of Cookie ’ s parameter in the document HTTP Header Handler component hedwig.cgi, which could lead to an attack on the fence-based buffer zone.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

友讯

Published

2025-12-29

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.338581 https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md#poc https://vuldb.com/?id.338581 https://www.dlink.com/ https://vuldb.com/?submit.724404 https://access.redhat.com/security/cve/cve-2025-15194