Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for DIR-822K by D-Link

    CVE-2025-13552 (GCVE-0-2025-13552)

    Vulnerability from nvd – Published: 2025-11-23 13:32 – Updated: 2025-11-24 16:23
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
    Summary
    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333319 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333319 signaturepermissions-required
    https://vuldb.com/?submit.693803 third-party-advisory
    https://vuldb.com/?submit.695434 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/36 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/44 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13552",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:06.812674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:23:10.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/44"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/36"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:32:06.358Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333319 | D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333319"
            },
            {
              "name": "VDB-333319 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333319"
            },
            {
              "name": "Submit #693803 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693803"
            },
            {
              "name": "Submit #695434 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695434"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/36"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/44"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13552",
        "datePublished": "2025-11-23T13:32:06.358Z",
        "dateReserved": "2025-11-22T15:12:35.362Z",
        "dateUpdated": "2025-11-24T16:23:10.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13551 (GCVE-0-2025-13551)

    Vulnerability from nvd – Published: 2025-11-23 13:02 – Updated: 2025-11-24 16:24
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
    Summary
    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333318 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333318 signaturepermissions-required
    https://vuldb.com/?submit.693785 third-party-advisory
    https://vuldb.com/?submit.695436 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/35 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/46 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:55.047695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:24:00.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/35"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/46"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:02:06.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333318 | D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333318"
            },
            {
              "name": "VDB-333318 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333318"
            },
            {
              "name": "Submit #693785 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693785"
            },
            {
              "name": "Submit #695436 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695436"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/35"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/46"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13551",
        "datePublished": "2025-11-23T13:02:06.976Z",
        "dateReserved": "2025-11-22T15:12:25.391Z",
        "dateUpdated": "2025-11-24T16:24:00.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13550 (GCVE-0-2025-13550)

    Vulnerability from nvd – Published: 2025-11-23 12:32 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
    Summary
    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333317 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333317 signaturepermissions-required
    https://vuldb.com/?submit.693777 third-party-advisory
    https://vuldb.com/?submit.695437 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/33 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/47 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:03.688850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:06.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/47"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/33"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:32:06.524Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333317 | D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333317"
            },
            {
              "name": "VDB-333317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333317"
            },
            {
              "name": "Submit #693777 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693777"
            },
            {
              "name": "Submit #695437 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695437"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/33"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/47"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13550",
        "datePublished": "2025-11-23T12:32:06.524Z",
        "dateReserved": "2025-11-22T15:12:20.265Z",
        "dateUpdated": "2025-11-24T16:25:06.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13549 (GCVE-0-2025-13549)

    Vulnerability from nvd – Published: 2025-11-23 12:02 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K formNtp sub_455524 buffer overflow
    Summary
    A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333316 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333316 signaturepermissions-required
    https://vuldb.com/?submit.693776 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/32 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13549",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:24.970874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:43.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/32"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:02:07.230Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333316 | D-Link DIR-822K formNtp sub_455524 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333316"
            },
            {
              "name": "VDB-333316 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333316"
            },
            {
              "name": "Submit #693776 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693776"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/32"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:14:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K formNtp sub_455524 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13549",
        "datePublished": "2025-11-23T12:02:07.230Z",
        "dateReserved": "2025-11-22T15:09:09.241Z",
        "dateUpdated": "2025-11-24T16:25:43.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13548 (GCVE-0-2025-13548)

    Vulnerability from nvd – Published: 2025-11-23 11:32 – Updated: 2025-11-24 16:26
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333315 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333315 signaturepermissions-required
    https://vuldb.com/?submit.693767 third-party-advisory
    https://vuldb.com/?submit.695433 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/31 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/43 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:26:30.262716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:26:33.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/31"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/43"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:32:06.522Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333315 | D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333315"
            },
            {
              "name": "VDB-333315 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333315"
            },
            {
              "name": "Submit #693767 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693767"
            },
            {
              "name": "Submit #695433 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695433"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/31"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/43"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13548",
        "datePublished": "2025-11-23T11:32:06.522Z",
        "dateReserved": "2025-11-22T15:08:56.294Z",
        "dateUpdated": "2025-11-24T16:26:33.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13547 (GCVE-0-2025-13547)

    Vulnerability from nvd – Published: 2025-11-23 11:02 – Updated: 2025-11-24 16:27
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formDdns memory corruption
    Summary
    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333314 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333314 signaturepermissions-required
    https://vuldb.com/?submit.693758 third-party-advisory
    https://vuldb.com/?submit.695428 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/30 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/42 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:27:22.130221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:27:25.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/30"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:02:06.826Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333314 | D-Link DIR-822K/DWR-M920 formDdns memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333314"
            },
            {
              "name": "VDB-333314 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333314"
            },
            {
              "name": "Submit #693758 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693758"
            },
            {
              "name": "Submit #695428 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695428"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/30"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/42"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formDdns memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13547",
        "datePublished": "2025-11-23T11:02:06.826Z",
        "dateReserved": "2025-11-22T15:08:42.670Z",
        "dateUpdated": "2025-11-24T16:27:25.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from nvd – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332646 signaturepermissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13305 (GCVE-0-2025-13305)

    Vulnerability from nvd – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332645 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332645 signaturepermissions-required
    https://vuldb.com/?submit.691809 third-party-advisory
    https://vuldb.com/?submit.691816 third-party-advisory
    https://vuldb.com/?submit.693784 third-party-advisory
    https://vuldb.com/?submit.693806 third-party-advisory
    https://vuldb.com/?submit.695424 third-party-advisory
    https://github.com/LX-LX88/cve/issues/12 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:40:50.580816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:41:07.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/12"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:02:06.147Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332645"
            },
            {
              "name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332645"
            },
            {
              "name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691809"
            },
            {
              "name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691816"
            },
            {
              "name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693784"
            },
            {
              "name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693806"
            },
            {
              "name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695424"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:22:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13305",
        "datePublished": "2025-11-17T23:02:06.147Z",
        "dateReserved": "2025-11-17T14:12:10.254Z",
        "dateUpdated": "2025-11-18T14:41:07.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13552 (GCVE-0-2025-13552)

    Vulnerability from cvelistv5 – Published: 2025-11-23 13:32 – Updated: 2025-11-24 16:23
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
    Summary
    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333319 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333319 signaturepermissions-required
    https://vuldb.com/?submit.693803 third-party-advisory
    https://vuldb.com/?submit.695434 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/36 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/44 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13552",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:06.812674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:23:10.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/44"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/36"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:32:06.358Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333319 | D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333319"
            },
            {
              "name": "VDB-333319 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333319"
            },
            {
              "name": "Submit #693803 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693803"
            },
            {
              "name": "Submit #695434 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695434"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/36"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/44"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13552",
        "datePublished": "2025-11-23T13:32:06.358Z",
        "dateReserved": "2025-11-22T15:12:35.362Z",
        "dateUpdated": "2025-11-24T16:23:10.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13551 (GCVE-0-2025-13551)

    Vulnerability from cvelistv5 – Published: 2025-11-23 13:02 – Updated: 2025-11-24 16:24
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
    Summary
    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333318 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333318 signaturepermissions-required
    https://vuldb.com/?submit.693785 third-party-advisory
    https://vuldb.com/?submit.695436 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/35 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/46 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:55.047695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:24:00.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/35"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/46"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:02:06.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333318 | D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333318"
            },
            {
              "name": "VDB-333318 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333318"
            },
            {
              "name": "Submit #693785 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693785"
            },
            {
              "name": "Submit #695436 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695436"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/35"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/46"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13551",
        "datePublished": "2025-11-23T13:02:06.976Z",
        "dateReserved": "2025-11-22T15:12:25.391Z",
        "dateUpdated": "2025-11-24T16:24:00.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13550 (GCVE-0-2025-13550)

    Vulnerability from cvelistv5 – Published: 2025-11-23 12:32 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
    Summary
    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333317 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333317 signaturepermissions-required
    https://vuldb.com/?submit.693777 third-party-advisory
    https://vuldb.com/?submit.695437 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/33 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/47 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:03.688850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:06.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/47"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/33"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:32:06.524Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333317 | D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333317"
            },
            {
              "name": "VDB-333317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333317"
            },
            {
              "name": "Submit #693777 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693777"
            },
            {
              "name": "Submit #695437 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695437"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/33"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/47"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13550",
        "datePublished": "2025-11-23T12:32:06.524Z",
        "dateReserved": "2025-11-22T15:12:20.265Z",
        "dateUpdated": "2025-11-24T16:25:06.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13549 (GCVE-0-2025-13549)

    Vulnerability from cvelistv5 – Published: 2025-11-23 12:02 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K formNtp sub_455524 buffer overflow
    Summary
    A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333316 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333316 signaturepermissions-required
    https://vuldb.com/?submit.693776 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/32 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13549",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:24.970874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:43.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/32"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:02:07.230Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333316 | D-Link DIR-822K formNtp sub_455524 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333316"
            },
            {
              "name": "VDB-333316 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333316"
            },
            {
              "name": "Submit #693776 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693776"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/32"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:14:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K formNtp sub_455524 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13549",
        "datePublished": "2025-11-23T12:02:07.230Z",
        "dateReserved": "2025-11-22T15:09:09.241Z",
        "dateUpdated": "2025-11-24T16:25:43.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13548 (GCVE-0-2025-13548)

    Vulnerability from cvelistv5 – Published: 2025-11-23 11:32 – Updated: 2025-11-24 16:26
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333315 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333315 signaturepermissions-required
    https://vuldb.com/?submit.693767 third-party-advisory
    https://vuldb.com/?submit.695433 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/31 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/43 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:26:30.262716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:26:33.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/31"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/43"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:32:06.522Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333315 | D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333315"
            },
            {
              "name": "VDB-333315 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333315"
            },
            {
              "name": "Submit #693767 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693767"
            },
            {
              "name": "Submit #695433 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695433"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/31"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/43"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13548",
        "datePublished": "2025-11-23T11:32:06.522Z",
        "dateReserved": "2025-11-22T15:08:56.294Z",
        "dateUpdated": "2025-11-24T16:26:33.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13547 (GCVE-0-2025-13547)

    Vulnerability from cvelistv5 – Published: 2025-11-23 11:02 – Updated: 2025-11-24 16:27
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formDdns memory corruption
    Summary
    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333314 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333314 signaturepermissions-required
    https://vuldb.com/?submit.693758 third-party-advisory
    https://vuldb.com/?submit.695428 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/30 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/42 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:27:22.130221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:27:25.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/30"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:02:06.826Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333314 | D-Link DIR-822K/DWR-M920 formDdns memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333314"
            },
            {
              "name": "VDB-333314 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333314"
            },
            {
              "name": "Submit #693758 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693758"
            },
            {
              "name": "Submit #695428 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695428"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/30"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/42"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formDdns memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13547",
        "datePublished": "2025-11-23T11:02:06.826Z",
        "dateReserved": "2025-11-22T15:08:42.670Z",
        "dateUpdated": "2025-11-24T16:27:25.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from cvelistv5 – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332646 signaturepermissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13305 (GCVE-0-2025-13305)

    Vulnerability from cvelistv5 – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332645 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332645 signaturepermissions-required
    https://vuldb.com/?submit.691809 third-party-advisory
    https://vuldb.com/?submit.691816 third-party-advisory
    https://vuldb.com/?submit.693784 third-party-advisory
    https://vuldb.com/?submit.693806 third-party-advisory
    https://vuldb.com/?submit.695424 third-party-advisory
    https://github.com/LX-LX88/cve/issues/12 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:40:50.580816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:41:07.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/12"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:02:06.147Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332645"
            },
            {
              "name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332645"
            },
            {
              "name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691809"
            },
            {
              "name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691816"
            },
            {
              "name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693784"
            },
            {
              "name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693806"
            },
            {
              "name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695424"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:22:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13305",
        "datePublished": "2025-11-17T23:02:06.147Z",
        "dateReserved": "2025-11-17T14:12:10.254Z",
        "dateUpdated": "2025-11-18T14:41:07.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }