Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for DIR-825M by D-Link

    CVE-2026-7289 (GCVE-0-2026-7289)

    Vulnerability from nvd – Published: 2026-04-28 15:01 – Updated: 2026-04-29 15:03
    VLAI
    Title
    D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow
    Summary
    A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/359947 vdb-entrytechnical-description
    https://vuldb.com/vuln/359947/cti signaturepermissions-required
    https://vuldb.com/submit/803025 third-party-advisory
    https://github.com/Kiciot/cve/issues/3 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-825M Affected: 1.1.12
    Create a notification for this product.
    Credits
    kiciot (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7289",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T15:02:17.297142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T15:03:14.519Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kiciot (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T15:01:35.844Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359947 | D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359947"
            },
            {
              "name": "VDB-359947 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359947/cti"
            },
            {
              "name": "Submit #803025 | dlink DIR-825m v1.1.12 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803025"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Kiciot/cve/issues/3"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-28T11:50:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7289",
        "datePublished": "2026-04-28T15:01:35.844Z",
        "dateReserved": "2026-04-28T09:45:32.045Z",
        "dateUpdated": "2026-04-29T15:03:14.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7288 (GCVE-0-2026-7288)

    Vulnerability from nvd – Published: 2026-04-28 14:46 – Updated: 2026-04-29 14:24
    VLAI
    Title
    D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/359946 vdb-entrytechnical-description
    https://vuldb.com/vuln/359946/cti signaturepermissions-required
    https://vuldb.com/submit/803024 third-party-advisory
    https://github.com/Kiciot/cve/issues/2 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-825M Affected: 1.1.12
    Create a notification for this product.
    Credits
    kiciot (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7288",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T14:23:52.917502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T14:24:38.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kiciot (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T14:46:16.429Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359946 | D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359946"
            },
            {
              "name": "VDB-359946 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359946/cti"
            },
            {
              "name": "Submit #803024 | Dlink DIR-825m v1.1.12 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803024"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Kiciot/cve/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-28T11:50:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7288",
        "datePublished": "2026-04-28T14:46:16.429Z",
        "dateReserved": "2026-04-28T09:45:25.646Z",
        "dateUpdated": "2026-04-29T14:24:38.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from nvd – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332646 signaturepermissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13305 (GCVE-0-2025-13305)

    Vulnerability from nvd – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332645 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332645 signaturepermissions-required
    https://vuldb.com/?submit.691809 third-party-advisory
    https://vuldb.com/?submit.691816 third-party-advisory
    https://vuldb.com/?submit.693784 third-party-advisory
    https://vuldb.com/?submit.693806 third-party-advisory
    https://vuldb.com/?submit.695424 third-party-advisory
    https://github.com/LX-LX88/cve/issues/12 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:40:50.580816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:41:07.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/12"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:02:06.147Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332645"
            },
            {
              "name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332645"
            },
            {
              "name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691809"
            },
            {
              "name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691816"
            },
            {
              "name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693784"
            },
            {
              "name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693806"
            },
            {
              "name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695424"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:22:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13305",
        "datePublished": "2025-11-17T23:02:06.147Z",
        "dateReserved": "2025-11-17T14:12:10.254Z",
        "dateUpdated": "2025-11-18T14:41:07.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13304 (GCVE-0-2025-13304)

    Vulnerability from nvd – Published: 2025-11-17 22:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332644 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332644 signaturepermissions-required
    https://vuldb.com/?submit.691808 third-party-advisory
    https://vuldb.com/?submit.691810 third-party-advisory
    https://vuldb.com/?submit.691812 third-party-advisory
    https://vuldb.com/?submit.691817 third-party-advisory
    https://vuldb.com/?submit.691821 third-party-advisory
    https://github.com/LX-LX88/cve/issues/11 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DWR-M921 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DWR-M960 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DWR-M961 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DIR-825M Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13304",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:51.769883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:42.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/11"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M961",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T22:32:07.051Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332644 | D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332644"
            },
            {
              "name": "VDB-332644 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332644"
            },
            {
              "name": "Submit #691808 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691808"
            },
            {
              "name": "Submit #691810 | D-Link DWR-M961 V1.1.47 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691810"
            },
            {
              "name": "Submit #691812 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691812"
            },
            {
              "name": "Submit #691817 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691817"
            },
            {
              "name": "Submit #691821 | D-Link DIR-825m V1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691821"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/11"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:21:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13304",
        "datePublished": "2025-11-17T22:32:07.051Z",
        "dateReserved": "2025-11-17T14:12:06.794Z",
        "dateUpdated": "2025-11-18T16:36:42.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7289 (GCVE-0-2026-7289)

    Vulnerability from cvelistv5 – Published: 2026-04-28 15:01 – Updated: 2026-04-29 15:03
    VLAI
    Title
    D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow
    Summary
    A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/359947 vdb-entrytechnical-description
    https://vuldb.com/vuln/359947/cti signaturepermissions-required
    https://vuldb.com/submit/803025 third-party-advisory
    https://github.com/Kiciot/cve/issues/3 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-825M Affected: 1.1.12
    Create a notification for this product.
    Credits
    kiciot (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7289",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T15:02:17.297142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T15:03:14.519Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kiciot (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T15:01:35.844Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359947 | D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359947"
            },
            {
              "name": "VDB-359947 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359947/cti"
            },
            {
              "name": "Submit #803025 | dlink DIR-825m v1.1.12 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803025"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Kiciot/cve/issues/3"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-28T11:50:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7289",
        "datePublished": "2026-04-28T15:01:35.844Z",
        "dateReserved": "2026-04-28T09:45:32.045Z",
        "dateUpdated": "2026-04-29T15:03:14.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7288 (GCVE-0-2026-7288)

    Vulnerability from cvelistv5 – Published: 2026-04-28 14:46 – Updated: 2026-04-29 14:24
    VLAI
    Title
    D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/359946 vdb-entrytechnical-description
    https://vuldb.com/vuln/359946/cti signaturepermissions-required
    https://vuldb.com/submit/803024 third-party-advisory
    https://github.com/Kiciot/cve/issues/2 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-825M Affected: 1.1.12
    Create a notification for this product.
    Credits
    kiciot (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7288",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T14:23:52.917502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T14:24:38.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kiciot (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T14:46:16.429Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359946 | D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359946"
            },
            {
              "name": "VDB-359946 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359946/cti"
            },
            {
              "name": "Submit #803024 | Dlink DIR-825m v1.1.12 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/803024"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Kiciot/cve/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-28T11:50:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7288",
        "datePublished": "2026-04-28T14:46:16.429Z",
        "dateReserved": "2026-04-28T09:45:25.646Z",
        "dateUpdated": "2026-04-29T14:24:38.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from cvelistv5 – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332646 signaturepermissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13305 (GCVE-0-2025-13305)

    Vulnerability from cvelistv5 – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332645 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332645 signaturepermissions-required
    https://vuldb.com/?submit.691809 third-party-advisory
    https://vuldb.com/?submit.691816 third-party-advisory
    https://vuldb.com/?submit.693784 third-party-advisory
    https://vuldb.com/?submit.693806 third-party-advisory
    https://vuldb.com/?submit.695424 third-party-advisory
    https://github.com/LX-LX88/cve/issues/12 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:40:50.580816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:41:07.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/12"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:02:06.147Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332645"
            },
            {
              "name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332645"
            },
            {
              "name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691809"
            },
            {
              "name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691816"
            },
            {
              "name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693784"
            },
            {
              "name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693806"
            },
            {
              "name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695424"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:22:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13305",
        "datePublished": "2025-11-17T23:02:06.147Z",
        "dateReserved": "2025-11-17T14:12:10.254Z",
        "dateUpdated": "2025-11-18T14:41:07.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13304 (GCVE-0-2025-13304)

    Vulnerability from cvelistv5 – Published: 2025-11-17 22:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332644 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332644 signaturepermissions-required
    https://vuldb.com/?submit.691808 third-party-advisory
    https://vuldb.com/?submit.691810 third-party-advisory
    https://vuldb.com/?submit.691812 third-party-advisory
    https://vuldb.com/?submit.691817 third-party-advisory
    https://vuldb.com/?submit.691821 third-party-advisory
    https://github.com/LX-LX88/cve/issues/11 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DWR-M921 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DWR-M960 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DWR-M961 Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    D-Link DIR-825M Affected: 1.01.07
    Affected: 1.1.47
    Create a notification for this product.
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13304",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:51.769883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:42.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/11"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M961",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T22:32:07.051Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332644 | D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332644"
            },
            {
              "name": "VDB-332644 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332644"
            },
            {
              "name": "Submit #691808 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691808"
            },
            {
              "name": "Submit #691810 | D-Link DWR-M961 V1.1.47 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691810"
            },
            {
              "name": "Submit #691812 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691812"
            },
            {
              "name": "Submit #691817 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691817"
            },
            {
              "name": "Submit #691821 | D-Link DIR-825m V1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691821"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/11"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:21:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13304",
        "datePublished": "2025-11-17T22:32:07.051Z",
        "dateReserved": "2025-11-17T14:12:06.794Z",
        "dateUpdated": "2025-11-18T16:36:42.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }