Search

Find a vulnerability

Search criteria

    34 vulnerabilities found for DWR-M920 by D-Link

    CVE-2026-11341 (GCVE-0-2026-11341)

    Vulnerability from nvd – Published: 2026-06-05 16:45 – Updated: 2026-06-05 19:37
    VLAI
    Title
    D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
    Summary
    A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11341",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:37:05.583336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:37:29.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:45:09.150Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368882 | D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368882"
            },
            {
              "name": "VDB-368882 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368882/cti"
            },
            {
              "name": "CVE-2026-11341 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11341"
            },
            {
              "name": "Submit #832593 | D-Link DWR-M920 1.1.50 Command Injection and  Stack Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832593"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:24:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11341",
        "datePublished": "2026-06-05T16:45:09.150Z",
        "dateReserved": "2026-06-05T08:19:13.223Z",
        "dateUpdated": "2026-06-05T19:37:29.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11339 (GCVE-0-2026-11339)

    Vulnerability from nvd – Published: 2026-06-05 16:30 – Updated: 2026-06-09 14:37
    VLAI
    Title
    D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11339",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:10:32.759390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:14.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:30:11.653Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368881 | D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368881"
            },
            {
              "name": "VDB-368881 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368881/cti"
            },
            {
              "name": "CVE-2026-11339 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11339"
            },
            {
              "name": "Submit #832579 | D-Link DWR-M920 1.1.50 Code Injection and Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832579"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:23:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11339",
        "datePublished": "2026-06-05T16:30:11.653Z",
        "dateReserved": "2026-06-05T08:18:10.205Z",
        "dateUpdated": "2026-06-09T14:37:14.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10878 (GCVE-0-2026-10878)

    Vulnerability from nvd – Published: 2026-06-05 00:00 – Updated: 2026-06-05 19:28
    VLAI
    Title
    D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Affected: 1.1.70
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:27:49.229788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:28:05.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                },
                {
                  "status": "affected",
                  "version": "1.1.70"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:00:17.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368368 | D-Link DWR-M920 formSmsManage sub_41C8E8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368368"
            },
            {
              "name": "VDB-368368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368368/cti"
            },
            {
              "name": "CVE-2026-10878 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10878"
            },
            {
              "name": "Submit #832154 | D-Link DWR-M920 1.1.50,1.1.70 Command Injection and stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832154"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formSmsManage.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T17:45:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formSmsManage sub_41C8E8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10878",
        "datePublished": "2026-06-05T00:00:17.909Z",
        "dateReserved": "2026-06-04T15:40:34.401Z",
        "dateUpdated": "2026-06-05T19:28:05.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15193 (GCVE-0-2025-15193)

    Vulnerability from nvd – Published: 2025-12-29 15:02 – Updated: 2025-12-29 16:10
    VLAI
    Title
    D-Link DWR-M920 formParentControl sub_423848 buffer overflow
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:10:42.791019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:10:51.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T15:02:08.698Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338578 | D-Link DWR-M920 formParentControl sub_423848 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338578"
            },
            {
              "name": "VDB-338578 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338578"
            },
            {
              "name": "Submit #723556 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723556"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formParentControl sub_423848 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15193",
        "datePublished": "2025-12-29T15:02:08.698Z",
        "dateReserved": "2025-12-28T09:10:14.904Z",
        "dateUpdated": "2025-12-29T16:10:51.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15192 (GCVE-0-2025-15192)

    Vulnerability from nvd – Published: 2025-12-29 14:32 – Updated: 2025-12-29 16:11
    VLAI
    Title
    D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:11:26.435995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:11:38.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:32:08.392Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338577 | D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338577"
            },
            {
              "name": "VDB-338577 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338577"
            },
            {
              "name": "Submit #723555 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723555"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15192",
        "datePublished": "2025-12-29T14:32:08.392Z",
        "dateReserved": "2025-12-28T09:10:12.267Z",
        "dateUpdated": "2025-12-29T16:11:38.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15191 (GCVE-0-2025-15191)

    Vulnerability from nvd – Published: 2025-12-29 14:02 – Updated: 2025-12-29 14:26
    VLAI
    Title
    D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection
    Summary
    A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15191",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:02.160923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:08.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:02:07.207Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338576 | D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338576"
            },
            {
              "name": "VDB-338576 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338576"
            },
            {
              "name": "Submit #723554 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723554"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15191",
        "datePublished": "2025-12-29T14:02:07.207Z",
        "dateReserved": "2025-12-28T09:10:09.118Z",
        "dateUpdated": "2025-12-29T14:26:08.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15190 (GCVE-0-2025-15190)

    Vulnerability from nvd – Published: 2025-12-29 13:32 – Updated: 2025-12-29 14:26
    VLAI
    Title
    D-Link DWR-M920 formFilter sub_42261C stack-based overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:47.570441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:52.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:32:08.616Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338575 | D-Link DWR-M920 formFilter sub_42261C stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338575"
            },
            {
              "name": "VDB-338575 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338575"
            },
            {
              "name": "Submit #723553 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723553"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formFilter sub_42261C stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15190",
        "datePublished": "2025-12-29T13:32:08.616Z",
        "dateReserved": "2025-12-28T09:10:06.331Z",
        "dateUpdated": "2025-12-29T14:26:52.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15189 (GCVE-0-2025-15189)

    Vulnerability from nvd – Published: 2025-12-29 13:02 – Updated: 2025-12-29 13:15
    VLAI
    Title
    D-Link DWR-M920 formDefRoute sub_464794 buffer overflow
    Summary
    A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15189",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T13:13:46.511240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T13:15:00.973Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:02:11.742Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338574 | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338574"
            },
            {
              "name": "VDB-338574 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338574"
            },
            {
              "name": "Submit #723552 | D-Link DWR-M920 VV1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723552"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formDefRoute sub_464794 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15189",
        "datePublished": "2025-12-29T13:02:11.742Z",
        "dateReserved": "2025-12-28T09:09:56.335Z",
        "dateUpdated": "2025-12-29T13:15:00.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13553 (GCVE-0-2025-13553)

    Vulnerability from nvd – Published: 2025-11-23 14:02 – Updated: 2025-11-24 16:22
    VLAI
    Title
    D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333320 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333320 signaturepermissions-required
    https://vuldb.com/?submit.695435 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/45 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Create a notification for this product.
    Credits
    LINXI666 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13553",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:22:07.450072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:22:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/45"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LINXI666 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T14:02:06.345Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333320 | D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333320"
            },
            {
              "name": "VDB-333320 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333320"
            },
            {
              "name": "Submit #695435 | D-Link DWR-M920 v1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695435"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/45"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:21:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13553",
        "datePublished": "2025-11-23T14:02:06.345Z",
        "dateReserved": "2025-11-22T15:16:33.248Z",
        "dateUpdated": "2025-11-24T16:22:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13552 (GCVE-0-2025-13552)

    Vulnerability from nvd – Published: 2025-11-23 13:32 – Updated: 2025-11-24 16:23
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
    Summary
    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333319 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333319 signaturepermissions-required
    https://vuldb.com/?submit.693803 third-party-advisory
    https://vuldb.com/?submit.695434 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/36 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/44 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13552",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:06.812674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:23:10.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/44"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/36"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:32:06.358Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333319 | D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333319"
            },
            {
              "name": "VDB-333319 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333319"
            },
            {
              "name": "Submit #693803 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693803"
            },
            {
              "name": "Submit #695434 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695434"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/36"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/44"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13552",
        "datePublished": "2025-11-23T13:32:06.358Z",
        "dateReserved": "2025-11-22T15:12:35.362Z",
        "dateUpdated": "2025-11-24T16:23:10.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13551 (GCVE-0-2025-13551)

    Vulnerability from nvd – Published: 2025-11-23 13:02 – Updated: 2025-11-24 16:24
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
    Summary
    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333318 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333318 signaturepermissions-required
    https://vuldb.com/?submit.693785 third-party-advisory
    https://vuldb.com/?submit.695436 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/35 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/46 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:55.047695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:24:00.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/35"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/46"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:02:06.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333318 | D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333318"
            },
            {
              "name": "VDB-333318 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333318"
            },
            {
              "name": "Submit #693785 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693785"
            },
            {
              "name": "Submit #695436 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695436"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/35"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/46"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13551",
        "datePublished": "2025-11-23T13:02:06.976Z",
        "dateReserved": "2025-11-22T15:12:25.391Z",
        "dateUpdated": "2025-11-24T16:24:00.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13550 (GCVE-0-2025-13550)

    Vulnerability from nvd – Published: 2025-11-23 12:32 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
    Summary
    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333317 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333317 signaturepermissions-required
    https://vuldb.com/?submit.693777 third-party-advisory
    https://vuldb.com/?submit.695437 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/33 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/47 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:03.688850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:06.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/47"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/33"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:32:06.524Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333317 | D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333317"
            },
            {
              "name": "VDB-333317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333317"
            },
            {
              "name": "Submit #693777 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693777"
            },
            {
              "name": "Submit #695437 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695437"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/33"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/47"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13550",
        "datePublished": "2025-11-23T12:32:06.524Z",
        "dateReserved": "2025-11-22T15:12:20.265Z",
        "dateUpdated": "2025-11-24T16:25:06.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13548 (GCVE-0-2025-13548)

    Vulnerability from nvd – Published: 2025-11-23 11:32 – Updated: 2025-11-24 16:26
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333315 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333315 signaturepermissions-required
    https://vuldb.com/?submit.693767 third-party-advisory
    https://vuldb.com/?submit.695433 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/31 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/43 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:26:30.262716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:26:33.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/31"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/43"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:32:06.522Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333315 | D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333315"
            },
            {
              "name": "VDB-333315 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333315"
            },
            {
              "name": "Submit #693767 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693767"
            },
            {
              "name": "Submit #695433 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695433"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/31"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/43"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13548",
        "datePublished": "2025-11-23T11:32:06.522Z",
        "dateReserved": "2025-11-22T15:08:56.294Z",
        "dateUpdated": "2025-11-24T16:26:33.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13547 (GCVE-0-2025-13547)

    Vulnerability from nvd – Published: 2025-11-23 11:02 – Updated: 2025-11-24 16:27
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formDdns memory corruption
    Summary
    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333314 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333314 signaturepermissions-required
    https://vuldb.com/?submit.693758 third-party-advisory
    https://vuldb.com/?submit.695428 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/30 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/42 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:27:22.130221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:27:25.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/30"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:02:06.826Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333314 | D-Link DIR-822K/DWR-M920 formDdns memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333314"
            },
            {
              "name": "VDB-333314 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333314"
            },
            {
              "name": "Submit #693758 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693758"
            },
            {
              "name": "Submit #695428 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695428"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/30"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/42"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formDdns memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13547",
        "datePublished": "2025-11-23T11:02:06.826Z",
        "dateReserved": "2025-11-22T15:08:42.670Z",
        "dateUpdated": "2025-11-24T16:27:25.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from nvd – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332646 signaturepermissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11341 (GCVE-0-2026-11341)

    Vulnerability from cvelistv5 – Published: 2026-06-05 16:45 – Updated: 2026-06-05 19:37
    VLAI
    Title
    D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
    Summary
    A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11341",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:37:05.583336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:37:29.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:45:09.150Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368882 | D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368882"
            },
            {
              "name": "VDB-368882 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368882/cti"
            },
            {
              "name": "CVE-2026-11341 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11341"
            },
            {
              "name": "Submit #832593 | D-Link DWR-M920 1.1.50 Command Injection and  Stack Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832593"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:24:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11341",
        "datePublished": "2026-06-05T16:45:09.150Z",
        "dateReserved": "2026-06-05T08:19:13.223Z",
        "dateUpdated": "2026-06-05T19:37:29.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11339 (GCVE-0-2026-11339)

    Vulnerability from cvelistv5 – Published: 2026-06-05 16:30 – Updated: 2026-06-09 14:37
    VLAI
    Title
    D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11339",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:10:32.759390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:14.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:30:11.653Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368881 | D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368881"
            },
            {
              "name": "VDB-368881 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368881/cti"
            },
            {
              "name": "CVE-2026-11339 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11339"
            },
            {
              "name": "Submit #832579 | D-Link DWR-M920 1.1.50 Code Injection and Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832579"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:23:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11339",
        "datePublished": "2026-06-05T16:30:11.653Z",
        "dateReserved": "2026-06-05T08:18:10.205Z",
        "dateUpdated": "2026-06-09T14:37:14.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10878 (GCVE-0-2026-10878)

    Vulnerability from cvelistv5 – Published: 2026-06-05 00:00 – Updated: 2026-06-05 19:28
    VLAI
    Title
    D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Affected: 1.1.70
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:27:49.229788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:28:05.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                },
                {
                  "status": "affected",
                  "version": "1.1.70"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:00:17.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368368 | D-Link DWR-M920 formSmsManage sub_41C8E8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368368"
            },
            {
              "name": "VDB-368368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368368/cti"
            },
            {
              "name": "CVE-2026-10878 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10878"
            },
            {
              "name": "Submit #832154 | D-Link DWR-M920 1.1.50,1.1.70 Command Injection and stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832154"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formSmsManage.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T17:45:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formSmsManage sub_41C8E8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10878",
        "datePublished": "2026-06-05T00:00:17.909Z",
        "dateReserved": "2026-06-04T15:40:34.401Z",
        "dateUpdated": "2026-06-05T19:28:05.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15193 (GCVE-0-2025-15193)

    Vulnerability from cvelistv5 – Published: 2025-12-29 15:02 – Updated: 2025-12-29 16:10
    VLAI
    Title
    D-Link DWR-M920 formParentControl sub_423848 buffer overflow
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:10:42.791019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:10:51.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T15:02:08.698Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338578 | D-Link DWR-M920 formParentControl sub_423848 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338578"
            },
            {
              "name": "VDB-338578 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338578"
            },
            {
              "name": "Submit #723556 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723556"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formParentControl sub_423848 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15193",
        "datePublished": "2025-12-29T15:02:08.698Z",
        "dateReserved": "2025-12-28T09:10:14.904Z",
        "dateUpdated": "2025-12-29T16:10:51.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15192 (GCVE-0-2025-15192)

    Vulnerability from cvelistv5 – Published: 2025-12-29 14:32 – Updated: 2025-12-29 16:11
    VLAI
    Title
    D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:11:26.435995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:11:38.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:32:08.392Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338577 | D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338577"
            },
            {
              "name": "VDB-338577 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338577"
            },
            {
              "name": "Submit #723555 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723555"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15192",
        "datePublished": "2025-12-29T14:32:08.392Z",
        "dateReserved": "2025-12-28T09:10:12.267Z",
        "dateUpdated": "2025-12-29T16:11:38.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15191 (GCVE-0-2025-15191)

    Vulnerability from cvelistv5 – Published: 2025-12-29 14:02 – Updated: 2025-12-29 14:26
    VLAI
    Title
    D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection
    Summary
    A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15191",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:02.160923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:08.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:02:07.207Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338576 | D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338576"
            },
            {
              "name": "VDB-338576 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338576"
            },
            {
              "name": "Submit #723554 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723554"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15191",
        "datePublished": "2025-12-29T14:02:07.207Z",
        "dateReserved": "2025-12-28T09:10:09.118Z",
        "dateUpdated": "2025-12-29T14:26:08.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15190 (GCVE-0-2025-15190)

    Vulnerability from cvelistv5 – Published: 2025-12-29 13:32 – Updated: 2025-12-29 14:26
    VLAI
    Title
    D-Link DWR-M920 formFilter sub_42261C stack-based overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:47.570441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:52.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:32:08.616Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338575 | D-Link DWR-M920 formFilter sub_42261C stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338575"
            },
            {
              "name": "VDB-338575 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338575"
            },
            {
              "name": "Submit #723553 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723553"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formFilter sub_42261C stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15190",
        "datePublished": "2025-12-29T13:32:08.616Z",
        "dateReserved": "2025-12-28T09:10:06.331Z",
        "dateUpdated": "2025-12-29T14:26:52.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15189 (GCVE-0-2025-15189)

    Vulnerability from cvelistv5 – Published: 2025-12-29 13:02 – Updated: 2025-12-29 13:15
    VLAI
    Title
    D-Link DWR-M920 formDefRoute sub_464794 buffer overflow
    Summary
    A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15189",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T13:13:46.511240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T13:15:00.973Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:02:11.742Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338574 | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338574"
            },
            {
              "name": "VDB-338574 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338574"
            },
            {
              "name": "Submit #723552 | D-Link DWR-M920 VV1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723552"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formDefRoute sub_464794 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15189",
        "datePublished": "2025-12-29T13:02:11.742Z",
        "dateReserved": "2025-12-28T09:09:56.335Z",
        "dateUpdated": "2025-12-29T13:15:00.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13553 (GCVE-0-2025-13553)

    Vulnerability from cvelistv5 – Published: 2025-11-23 14:02 – Updated: 2025-11-24 16:22
    VLAI
    Title
    D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333320 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333320 signaturepermissions-required
    https://vuldb.com/?submit.695435 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/45 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Create a notification for this product.
    Credits
    LINXI666 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13553",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:22:07.450072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:22:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/45"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LINXI666 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T14:02:06.345Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333320 | D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333320"
            },
            {
              "name": "VDB-333320 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333320"
            },
            {
              "name": "Submit #695435 | D-Link DWR-M920 v1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695435"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/45"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:21:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13553",
        "datePublished": "2025-11-23T14:02:06.345Z",
        "dateReserved": "2025-11-22T15:16:33.248Z",
        "dateUpdated": "2025-11-24T16:22:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13552 (GCVE-0-2025-13552)

    Vulnerability from cvelistv5 – Published: 2025-11-23 13:32 – Updated: 2025-11-24 16:23
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
    Summary
    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333319 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333319 signaturepermissions-required
    https://vuldb.com/?submit.693803 third-party-advisory
    https://vuldb.com/?submit.695434 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/36 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/44 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13552",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:06.812674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:23:10.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/44"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/36"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:32:06.358Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333319 | D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333319"
            },
            {
              "name": "VDB-333319 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333319"
            },
            {
              "name": "Submit #693803 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693803"
            },
            {
              "name": "Submit #695434 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695434"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/36"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/44"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13552",
        "datePublished": "2025-11-23T13:32:06.358Z",
        "dateReserved": "2025-11-22T15:12:35.362Z",
        "dateUpdated": "2025-11-24T16:23:10.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13551 (GCVE-0-2025-13551)

    Vulnerability from cvelistv5 – Published: 2025-11-23 13:02 – Updated: 2025-11-24 16:24
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
    Summary
    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333318 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333318 signaturepermissions-required
    https://vuldb.com/?submit.693785 third-party-advisory
    https://vuldb.com/?submit.695436 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/35 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/46 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:55.047695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:24:00.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/35"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/46"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:02:06.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333318 | D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333318"
            },
            {
              "name": "VDB-333318 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333318"
            },
            {
              "name": "Submit #693785 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693785"
            },
            {
              "name": "Submit #695436 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695436"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/35"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/46"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13551",
        "datePublished": "2025-11-23T13:02:06.976Z",
        "dateReserved": "2025-11-22T15:12:25.391Z",
        "dateUpdated": "2025-11-24T16:24:00.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13550 (GCVE-0-2025-13550)

    Vulnerability from cvelistv5 – Published: 2025-11-23 12:32 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
    Summary
    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333317 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333317 signaturepermissions-required
    https://vuldb.com/?submit.693777 third-party-advisory
    https://vuldb.com/?submit.695437 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/33 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/47 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:03.688850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:06.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/47"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/33"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:32:06.524Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333317 | D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333317"
            },
            {
              "name": "VDB-333317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333317"
            },
            {
              "name": "Submit #693777 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693777"
            },
            {
              "name": "Submit #695437 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695437"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/33"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/47"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13550",
        "datePublished": "2025-11-23T12:32:06.524Z",
        "dateReserved": "2025-11-22T15:12:20.265Z",
        "dateUpdated": "2025-11-24T16:25:06.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13548 (GCVE-0-2025-13548)

    Vulnerability from cvelistv5 – Published: 2025-11-23 11:32 – Updated: 2025-11-24 16:26
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333315 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333315 signaturepermissions-required
    https://vuldb.com/?submit.693767 third-party-advisory
    https://vuldb.com/?submit.695433 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/31 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/43 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:26:30.262716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:26:33.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/31"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/43"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:32:06.522Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333315 | D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333315"
            },
            {
              "name": "VDB-333315 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333315"
            },
            {
              "name": "Submit #693767 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693767"
            },
            {
              "name": "Submit #695433 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695433"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/31"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/43"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13548",
        "datePublished": "2025-11-23T11:32:06.522Z",
        "dateReserved": "2025-11-22T15:08:56.294Z",
        "dateUpdated": "2025-11-24T16:26:33.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13547 (GCVE-0-2025-13547)

    Vulnerability from cvelistv5 – Published: 2025-11-23 11:02 – Updated: 2025-11-24 16:27
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formDdns memory corruption
    Summary
    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333314 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.333314 signaturepermissions-required
    https://vuldb.com/?submit.693758 third-party-advisory
    https://vuldb.com/?submit.695428 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/30 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/42 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Create a notification for this product.
    Credits
    hhsw34 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:27:22.130221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:27:25.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/30"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:02:06.826Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333314 | D-Link DIR-822K/DWR-M920 formDdns memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333314"
            },
            {
              "name": "VDB-333314 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333314"
            },
            {
              "name": "Submit #693758 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693758"
            },
            {
              "name": "Submit #695428 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695428"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/30"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/42"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formDdns memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13547",
        "datePublished": "2025-11-23T11:02:06.826Z",
        "dateReserved": "2025-11-22T15:08:42.670Z",
        "dateUpdated": "2025-11-24T16:27:25.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from cvelistv5 – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332646 signaturepermissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploitissue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }