CVE 9.3 CRITICAL

D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow_CVE-2025-15194

December 29, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Stack-based buffer overflow vulnerability in the hedwig.cgi file of D-Link DIR-600, allowing remote attackers to launch an attack via the Cookie argument.

Basic Information

ID CVE-2025-15194

Source VulDB

Published Dec 29, 2025 at 15:32

Modified Dec 29, 2025 at 16:10

Affected Product

Vendor D-Link

Product DIR-600

Version 2.15WWb02

Affected Versions D-Link DIR-600 2.15WWb02

CWE Classification

CWE-121 CWE-119

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor D-Link

Product DIR-600

Version 2.15WWb02

References

{
    "lastseen": "",
    "description": "A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-12-29T15:32:09.818Z",
    "modified": "2025-12-29T16:10:13.239Z",
    "type": "cve",
    "title": "D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338581\nhttps://vuldb.com/?ctiid.338581\nhttps://vuldb.com/?submit.724404\nhttps://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md\nhttps://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md#poc\nhttps://www.dlink.com/",
    "id": "CVE-2025-15194",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-600 2.15WWb02",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-600",
    "version": "2.15WWb02",
    "vendor": "D-Link",
    "ai_description": "Stack-based buffer overflow vulnerability in the hedwig.cgi file of D-Link DIR-600, allowing remote attackers to launch an attack via the Cookie argument.",
    "ai_severity": "Critical",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-600",
    "ai_version": "2.15WWb02",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply