    32 vulnerabilities found for dwr-m920_firmware by dlink

    CVE-2026-11339 (GCVE-0-2026-11339)

    Vulnerability from nvd – Published: 2026-06-05 16:30 – Updated: 2026-06-09 14:37
    Title
    D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Credits
    kkff33 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11339",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:10:32.759390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:14.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:30:11.653Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368881 | D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368881"
            },
            {
              "name": "VDB-368881 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368881/cti"
            },
            {
              "name": "CVE-2026-11339 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11339"
            },
            {
              "name": "Submit #832579 | D-Link DWR-M920 1.1.50 Code Injection and Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832579"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:23:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11339",
        "datePublished": "2026-06-05T16:30:11.653Z",
        "dateReserved": "2026-06-05T08:18:10.205Z",
        "dateUpdated": "2026-06-09T14:37:14.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10878 (GCVE-0-2026-10878)

    Vulnerability from nvd – Published: 2026-06-05 00:00 – Updated: 2026-06-05 19:28
    Title
    D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Affected: 1.1.70
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Credits
    kkff33 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:27:49.229788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:28:05.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                },
                {
                  "status": "affected",
                  "version": "1.1.70"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:00:17.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368368 | D-Link DWR-M920 formSmsManage sub_41C8E8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368368"
            },
            {
              "name": "VDB-368368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368368/cti"
            },
            {
              "name": "CVE-2026-10878 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10878"
            },
            {
              "name": "Submit #832154 | D-Link DWR-M920 1.1.50,1.1.70 Command Injection and stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832154"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formSmsManage.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T17:45:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formSmsManage sub_41C8E8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10878",
        "datePublished": "2026-06-05T00:00:17.909Z",
        "dateReserved": "2026-06-04T15:40:34.401Z",
        "dateUpdated": "2026-06-05T19:28:05.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15193 (GCVE-0-2025-15193)

    Vulnerability from nvd – Published: 2025-12-29 15:02 – Updated: 2025-12-29 16:10
    Title
    D-Link DWR-M920 formParentControl sub_423848 buffer overflow
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:10:42.791019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:10:51.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T15:02:08.698Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338578 | D-Link DWR-M920 formParentControl sub_423848 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338578"
            },
            {
              "name": "VDB-338578 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338578"
            },
            {
              "name": "Submit #723556 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723556"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formParentControl sub_423848 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15193",
        "datePublished": "2025-12-29T15:02:08.698Z",
        "dateReserved": "2025-12-28T09:10:14.904Z",
        "dateUpdated": "2025-12-29T16:10:51.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15192 (GCVE-0-2025-15192)

    Vulnerability from nvd – Published: 2025-12-29 14:32 – Updated: 2025-12-29 16:11
    Title
    D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:11:26.435995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:11:38.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:32:08.392Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338577 | D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338577"
            },
            {
              "name": "VDB-338577 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338577"
            },
            {
              "name": "Submit #723555 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723555"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15192",
        "datePublished": "2025-12-29T14:32:08.392Z",
        "dateReserved": "2025-12-28T09:10:12.267Z",
        "dateUpdated": "2025-12-29T16:11:38.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15191 (GCVE-0-2025-15191)

    Vulnerability from nvd – Published: 2025-12-29 14:02 – Updated: 2025-12-29 14:26
    Title
    D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection
    Summary
    A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15191",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:02.160923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:08.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:02:07.207Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338576 | D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338576"
            },
            {
              "name": "VDB-338576 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338576"
            },
            {
              "name": "Submit #723554 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723554"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15191",
        "datePublished": "2025-12-29T14:02:07.207Z",
        "dateReserved": "2025-12-28T09:10:09.118Z",
        "dateUpdated": "2025-12-29T14:26:08.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15190 (GCVE-0-2025-15190)

    Vulnerability from nvd – Published: 2025-12-29 13:32 – Updated: 2025-12-29 14:26
    Title
    D-Link DWR-M920 formFilter sub_42261C stack-based overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:47.570441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:52.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:32:08.616Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338575 | D-Link DWR-M920 formFilter sub_42261C stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338575"
            },
            {
              "name": "VDB-338575 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338575"
            },
            {
              "name": "Submit #723553 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723553"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formFilter sub_42261C stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15190",
        "datePublished": "2025-12-29T13:32:08.616Z",
        "dateReserved": "2025-12-28T09:10:06.331Z",
        "dateUpdated": "2025-12-29T14:26:52.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15189 (GCVE-0-2025-15189)

    Vulnerability from nvd – Published: 2025-12-29 13:02 – Updated: 2025-12-29 13:15
    VLAI
    Title
    D-Link DWR-M920 formDefRoute sub_464794 buffer overflow
    Summary
    A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15189",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T13:13:46.511240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T13:15:00.973Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:02:11.742Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338574 | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338574"
            },
            {
              "name": "VDB-338574 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338574"
            },
            {
              "name": "Submit #723552 | D-Link DWR-M920 VV1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723552"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formDefRoute sub_464794 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15189",
        "datePublished": "2025-12-29T13:02:11.742Z",
        "dateReserved": "2025-12-28T09:09:56.335Z",
        "dateUpdated": "2025-12-29T13:15:00.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13553 (GCVE-0-2025-13553)

    Vulnerability from nvd – Published: 2025-11-23 14:02 – Updated: 2025-11-24 16:22
    VLAI
    Title
    D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333320 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333320 signature, permissions-required
    https://vuldb.com/?submit.695435 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/45 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Credits
    LINXI666 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13553",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:22:07.450072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:22:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/45"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LINXI666 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T14:02:06.345Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333320 | D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333320"
            },
            {
              "name": "VDB-333320 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333320"
            },
            {
              "name": "Submit #695435 | D-Link DWR-M920 v1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695435"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/45"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:21:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13553",
        "datePublished": "2025-11-23T14:02:06.345Z",
        "dateReserved": "2025-11-22T15:16:33.248Z",
        "dateUpdated": "2025-11-24T16:22:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13552 (GCVE-0-2025-13552)

    Vulnerability from nvd – Published: 2025-11-23 13:32 – Updated: 2025-11-24 16:23
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
    Summary
    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333319 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333319 signature, permissions-required
    https://vuldb.com/?submit.693803 third-party-advisory
    https://vuldb.com/?submit.695434 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/36 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/44 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13552",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:06.812674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:23:10.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/44"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/36"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:32:06.358Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333319 | D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333319"
            },
            {
              "name": "VDB-333319 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333319"
            },
            {
              "name": "Submit #693803 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693803"
            },
            {
              "name": "Submit #695434 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695434"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/36"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/44"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13552",
        "datePublished": "2025-11-23T13:32:06.358Z",
        "dateReserved": "2025-11-22T15:12:35.362Z",
        "dateUpdated": "2025-11-24T16:23:10.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13551 (GCVE-0-2025-13551)

    Vulnerability from nvd – Published: 2025-11-23 13:02 – Updated: 2025-11-24 16:24
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
    Summary
    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333318 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333318 signature, permissions-required
    https://vuldb.com/?submit.693785 third-party-advisory
    https://vuldb.com/?submit.695436 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/35 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/46 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:55.047695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:24:00.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/35"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/46"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:02:06.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333318 | D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333318"
            },
            {
              "name": "VDB-333318 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333318"
            },
            {
              "name": "Submit #693785 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693785"
            },
            {
              "name": "Submit #695436 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695436"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/35"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/46"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13551",
        "datePublished": "2025-11-23T13:02:06.976Z",
        "dateReserved": "2025-11-22T15:12:25.391Z",
        "dateUpdated": "2025-11-24T16:24:00.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13550 (GCVE-0-2025-13550)

    Vulnerability from nvd – Published: 2025-11-23 12:32 – Updated: 2025-11-24 16:25
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
    Summary
    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333317 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333317 signature, permissions-required
    https://vuldb.com/?submit.693777 third-party-advisory
    https://vuldb.com/?submit.695437 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/33 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/47 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:03.688850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:06.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/47"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/33"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:32:06.524Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333317 | D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333317"
            },
            {
              "name": "VDB-333317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333317"
            },
            {
              "name": "Submit #693777 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693777"
            },
            {
              "name": "Submit #695437 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695437"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/33"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/47"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13550",
        "datePublished": "2025-11-23T12:32:06.524Z",
        "dateReserved": "2025-11-22T15:12:20.265Z",
        "dateUpdated": "2025-11-24T16:25:06.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13548 (GCVE-0-2025-13548)

    Vulnerability from nvd – Published: 2025-11-23 11:32 – Updated: 2025-11-24 16:26
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333315 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333315 signature, permissions-required
    https://vuldb.com/?submit.693767 third-party-advisory
    https://vuldb.com/?submit.695433 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/31 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/43 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:26:30.262716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:26:33.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/31"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/43"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:32:06.522Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333315 | D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333315"
            },
            {
              "name": "VDB-333315 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333315"
            },
            {
              "name": "Submit #693767 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693767"
            },
            {
              "name": "Submit #695433 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695433"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/31"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/43"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13548",
        "datePublished": "2025-11-23T11:32:06.522Z",
        "dateReserved": "2025-11-22T15:08:56.294Z",
        "dateUpdated": "2025-11-24T16:26:33.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13547 (GCVE-0-2025-13547)

    Vulnerability from nvd – Published: 2025-11-23 11:02 – Updated: 2025-11-24 16:27
    Title
    D-Link DIR-822K/DWR-M920 formDdns memory corruption
    Summary
    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.333314 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333314 signature, permissions-required
    https://vuldb.com/?submit.693758 third-party-advisory
    https://vuldb.com/?submit.695428 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/30 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/42 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613
    Affected: 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613
    Affected: 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:27:22.130221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:27:25.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/30"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:02:06.826Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333314 | D-Link DIR-822K/DWR-M920 formDdns memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333314"
            },
            {
              "name": "VDB-333314 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333314"
            },
            {
              "name": "Submit #693758 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693758"
            },
            {
              "name": "Submit #695428 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695428"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/30"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/42"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formDdns memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13547",
        "datePublished": "2025-11-23T11:02:06.826Z",
        "dateReserved": "2025-11-22T15:08:42.670Z",
        "dateUpdated": "2025-11-24T16:27:25.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from nvd – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entry, technical-description
    https://vuldb.com/?ctiid.332646 signature, permissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploit, issue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13305 (GCVE-0-2025-13305)

    Vulnerability from nvd – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.332645 vdb-entry, technical-description
    https://vuldb.com/?ctiid.332645 signature, permissions-required
    https://vuldb.com/?submit.691809 third-party-advisory
    https://vuldb.com/?submit.691816 third-party-advisory
    https://vuldb.com/?submit.693784 third-party-advisory
    https://vuldb.com/?submit.693806 third-party-advisory
    https://vuldb.com/?submit.695424 third-party-advisory
    https://github.com/LX-LX88/cve/issues/12 exploit, issue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13305",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:40:50.580816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:41:07.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/12"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:02:06.147Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332645"
            },
            {
              "name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332645"
            },
            {
              "name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691809"
            },
            {
              "name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691816"
            },
            {
              "name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693784"
            },
            {
              "name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693806"
            },
            {
              "name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695424"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:22:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13305",
        "datePublished": "2025-11-17T23:02:06.147Z",
        "dateReserved": "2025-11-17T14:12:10.254Z",
        "dateUpdated": "2025-11-18T14:41:07.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13304 (GCVE-0-2025-13304)

    Vulnerability from nvd – Published: 2025-11-17 22:32 – Updated: 2025-11-18 16:36
    VLAI
    Title
    D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332644 vdb-entry, technical-description
    https://vuldb.com/?ctiid.332644 signature, permissions-required
    https://vuldb.com/?submit.691808 third-party-advisory
    https://vuldb.com/?submit.691810 third-party-advisory
    https://vuldb.com/?submit.691812 third-party-advisory
    https://vuldb.com/?submit.691817 third-party-advisory
    https://vuldb.com/?submit.691821 third-party-advisory
    https://github.com/LX-LX88/cve/issues/11 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.01.07
    Affected: 1.1.47
    D-Link DWR-M921 Affected: 1.01.07
    Affected: 1.1.47
    D-Link DWR-M960 Affected: 1.01.07
    Affected: 1.1.47
    D-Link DWR-M961 Affected: 1.01.07
    Affected: 1.1.47
    D-Link DIR-825M Affected: 1.01.07
    Affected: 1.1.47
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13304",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:51.769883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:42.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/11"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M960",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DWR-M961",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.07"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T22:32:07.051Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332644 | D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332644"
            },
            {
              "name": "VDB-332644 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332644"
            },
            {
              "name": "Submit #691808 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691808"
            },
            {
              "name": "Submit #691810 | D-Link DWR-M961 V1.1.47 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691810"
            },
            {
              "name": "Submit #691812 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691812"
            },
            {
              "name": "Submit #691817 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691817"
            },
            {
              "name": "Submit #691821 | D-Link DIR-825m V1.1.12 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691821"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/11"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:21:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13304",
        "datePublished": "2025-11-17T22:32:07.051Z",
        "dateReserved": "2025-11-17T14:12:06.794Z",
        "dateUpdated": "2025-11-18T16:36:42.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11339 (GCVE-0-2026-11339)

    Vulnerability from cvelistv5 – Published: 2026-06-05 16:30 – Updated: 2026-06-09 14:37
    VLAI
    Title
    D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Credits
    kkff33 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11339",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:10:32.759390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:14.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:30:11.653Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368881 | D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368881"
            },
            {
              "name": "VDB-368881 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368881/cti"
            },
            {
              "name": "CVE-2026-11339 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11339"
            },
            {
              "name": "Submit #832579 | D-Link DWR-M920 1.1.50 Code Injection and Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832579"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:23:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11339",
        "datePublished": "2026-06-05T16:30:11.653Z",
        "dateReserved": "2026-06-05T08:18:10.205Z",
        "dateUpdated": "2026-06-09T14:37:14.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10878 (GCVE-0-2026-10878)

    Vulnerability from cvelistv5 – Published: 2026-06-05 00:00 – Updated: 2026-06-05 19:28
    VLAI
    Title
    D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Affected: 1.1.70
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Credits
    kkff33 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:27:49.229788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:28:05.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                },
                {
                  "status": "affected",
                  "version": "1.1.70"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:00:17.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368368 | D-Link DWR-M920 formSmsManage sub_41C8E8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368368"
            },
            {
              "name": "VDB-368368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368368/cti"
            },
            {
              "name": "CVE-2026-10878 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10878"
            },
            {
              "name": "Submit #832154 | D-Link DWR-M920 1.1.50,1.1.70 Command Injection and stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832154"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formSmsManage.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T17:45:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formSmsManage sub_41C8E8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10878",
        "datePublished": "2026-06-05T00:00:17.909Z",
        "dateReserved": "2026-06-04T15:40:34.401Z",
        "dateUpdated": "2026-06-05T19:28:05.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15193 (GCVE-0-2025-15193)

    Vulnerability from cvelistv5 – Published: 2025-12-29 15:02 – Updated: 2025-12-29 16:10
    Title
    D-Link DWR-M920 formParentControl sub_423848 buffer overflow
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:10:42.791019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:10:51.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T15:02:08.698Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338578 | D-Link DWR-M920 formParentControl sub_423848 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338578"
            },
            {
              "name": "VDB-338578 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338578"
            },
            {
              "name": "Submit #723556 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723556"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formParentControl sub_423848 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15193",
        "datePublished": "2025-12-29T15:02:08.698Z",
        "dateReserved": "2025-12-28T09:10:14.904Z",
        "dateUpdated": "2025-12-29T16:10:51.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15192 (GCVE-0-2025-15192)

    Vulnerability from cvelistv5 – Published: 2025-12-29 14:32 – Updated: 2025-12-29 16:11
    Title
    D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:11:26.435995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:11:38.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:32:08.392Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338577 | D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338577"
            },
            {
              "name": "VDB-338577 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338577"
            },
            {
              "name": "Submit #723555 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723555"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15192",
        "datePublished": "2025-12-29T14:32:08.392Z",
        "dateReserved": "2025-12-28T09:10:12.267Z",
        "dateUpdated": "2025-12-29T16:11:38.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15191 (GCVE-0-2025-15191)

    Vulnerability from cvelistv5 – Published: 2025-12-29 14:02 – Updated: 2025-12-29 14:26
    Title
    D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection
    Summary
    A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15191",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:02.160923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:08.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T14:02:07.207Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338576 | D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338576"
            },
            {
              "name": "VDB-338576 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338576"
            },
            {
              "name": "Submit #723554 | D-Link DWR-M920 V1.1.50 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723554"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15191",
        "datePublished": "2025-12-29T14:02:07.207Z",
        "dateReserved": "2025-12-28T09:10:09.118Z",
        "dateUpdated": "2025-12-29T14:26:08.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15190 (GCVE-0-2025-15190)

    Vulnerability from cvelistv5 – Published: 2025-12-29 13:32 – Updated: 2025-12-29 14:26
    Title
    D-Link DWR-M920 formFilter sub_42261C stack-based overflow
    Summary
    A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T14:26:47.570441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T14:26:52.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:32:08.616Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338575 | D-Link DWR-M920 formFilter sub_42261C stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338575"
            },
            {
              "name": "VDB-338575 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338575"
            },
            {
              "name": "Submit #723553 | D-Link DWR-M920 V1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723553"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formFilter.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:21.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formFilter sub_42261C stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15190",
        "datePublished": "2025-12-29T13:32:08.616Z",
        "dateReserved": "2025-12-28T09:10:06.331Z",
        "dateUpdated": "2025-12-29T14:26:52.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15189 (GCVE-0-2025-15189)

    Vulnerability from cvelistv5 – Published: 2025-12-29 13:02 – Updated: 2025-12-29 13:15
    Title
    D-Link DWR-M920 formDefRoute sub_464794 buffer overflow
    Summary
    A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15189",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T13:13:46.511240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T13:15:00.973Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T13:02:11.742Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338574 | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338574"
            },
            {
              "name": "VDB-338574 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338574"
            },
            {
              "name": "Submit #723552 | D-Link DWR-M920 VV1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.723552"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formDefRoute.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-28T10:15:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formDefRoute sub_464794 buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15189",
        "datePublished": "2025-12-29T13:02:11.742Z",
        "dateReserved": "2025-12-28T09:09:56.335Z",
        "dateUpdated": "2025-12-29T13:15:00.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13553 (GCVE-0-2025-13553)

    Vulnerability from cvelistv5 – Published: 2025-11-23 14:02 – Updated: 2025-11-24 16:22
    VLAI
    Title
    D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow
    Summary
    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333320 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333320 signature, permissions-required
    https://vuldb.com/?submit.695435 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/45 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Credits
    LINXI666 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13553",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:22:07.450072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:22:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/45"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LINXI666 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T14:02:06.345Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333320 | D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333320"
            },
            {
              "name": "VDB-333320 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333320"
            },
            {
              "name": "Submit #695435 | D-Link DWR-M920 v1.1.50 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695435"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/45"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:21:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13553",
        "datePublished": "2025-11-23T14:02:06.345Z",
        "dateReserved": "2025-11-22T15:16:33.248Z",
        "dateUpdated": "2025-11-24T16:22:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13552 (GCVE-0-2025-13552)

    Vulnerability from cvelistv5 – Published: 2025-11-23 13:32 – Updated: 2025-11-24 16:23
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
    Summary
    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333319 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333319 signature, permissions-required
    https://vuldb.com/?submit.693803 third-party-advisory
    https://vuldb.com/?submit.695434 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/36 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/44 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613, 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613, 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13552",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:06.812674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:23:10.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/44"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/36"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:32:06.358Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333319 | D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333319"
            },
            {
              "name": "VDB-333319 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333319"
            },
            {
              "name": "Submit #693803 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693803"
            },
            {
              "name": "Submit #695434 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695434"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/36"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/44"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13552",
        "datePublished": "2025-11-23T13:32:06.358Z",
        "dateReserved": "2025-11-22T15:12:35.362Z",
        "dateUpdated": "2025-11-24T16:23:10.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13551 (GCVE-0-2025-13551)

    Vulnerability from cvelistv5 – Published: 2025-11-23 13:02 – Updated: 2025-11-24 16:24
    VLAI
    Title
    D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
    Summary
    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.333318 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333318 signature, permissions-required
    https://vuldb.com/?submit.693785 third-party-advisory
    https://vuldb.com/?submit.695436 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/35 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/46 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613, 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613, 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:23:55.047695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:24:00.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/35"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/46"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T13:02:06.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333318 | D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333318"
            },
            {
              "name": "VDB-333318 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333318"
            },
            {
              "name": "Submit #693785 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693785"
            },
            {
              "name": "Submit #695436 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695436"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/35"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/46"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13551",
        "datePublished": "2025-11-23T13:02:06.976Z",
        "dateReserved": "2025-11-22T15:12:25.391Z",
        "dateUpdated": "2025-11-24T16:24:00.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13550 (GCVE-0-2025-13550)

    Vulnerability from cvelistv5 – Published: 2025-11-23 12:32 – Updated: 2025-11-24 16:25
    Title
    D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
    Summary
    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.333317 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333317 signature, permissions-required
    https://vuldb.com/?submit.693777 third-party-advisory
    https://vuldb.com/?submit.695437 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/33 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/47 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613, 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613, 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:25:03.688850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:25:06.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/47"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/33"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T12:32:06.524Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333317 | D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333317"
            },
            {
              "name": "VDB-333317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333317"
            },
            {
              "name": "Submit #693777 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693777"
            },
            {
              "name": "Submit #695437 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695437"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/33"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/47"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:17:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13550",
        "datePublished": "2025-11-23T12:32:06.524Z",
        "dateReserved": "2025-11-22T15:12:20.265Z",
        "dateUpdated": "2025-11-24T16:25:06.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13548 (GCVE-0-2025-13548)

    Vulnerability from cvelistv5 – Published: 2025-11-23 11:32 – Updated: 2025-11-24 16:26
    Title
    D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
    Summary
    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.333315 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333315 signature, permissions-required
    https://vuldb.com/?submit.693767 third-party-advisory
    https://vuldb.com/?submit.695433 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/31 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/43 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613, 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613, 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:26:30.262716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:26:33.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/31"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/43"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:32:06.522Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333315 | D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333315"
            },
            {
              "name": "VDB-333315 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333315"
            },
            {
              "name": "Submit #693767 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693767"
            },
            {
              "name": "Submit #695433 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695433"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/31"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/43"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13548",
        "datePublished": "2025-11-23T11:32:06.522Z",
        "dateReserved": "2025-11-22T15:08:56.294Z",
        "dateUpdated": "2025-11-24T16:26:33.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13547 (GCVE-0-2025-13547)

    Vulnerability from cvelistv5 – Published: 2025-11-23 11:02 – Updated: 2025-11-24 16:27
    Title
    D-Link DIR-822K/DWR-M920 formDdns memory corruption
    Summary
    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.333314 vdb-entry, technical-description
    https://vuldb.com/?ctiid.333314 signature, permissions-required
    https://vuldb.com/?submit.693758 third-party-advisory
    https://vuldb.com/?submit.695428 third-party-advisory
    https://github.com/QIU-DIE/CVE/issues/30 issue-tracking
    https://github.com/QIU-DIE/CVE/issues/42 exploit, issue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-822K Affected: 1.00_20250513164613, 1.1.50
    D-Link DWR-M920 Affected: 1.00_20250513164613, 1.1.50
    Credits
    hhsw34 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T16:27:22.130221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T16:27:25.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/30"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/QIU-DIE/CVE/issues/42"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            },
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00_20250513164613"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hhsw34 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-23T11:02:06.826Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-333314 | D-Link DIR-822K/DWR-M920 formDdns memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.333314"
            },
            {
              "name": "VDB-333314 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.333314"
            },
            {
              "name": "Submit #693758 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693758"
            },
            {
              "name": "Submit #695428 | D-Link DWR-M920 v1.1.50 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695428"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/30"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/QIU-DIE/CVE/issues/42"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-22T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-22T16:13:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-822K/DWR-M920 formDdns memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13547",
        "datePublished": "2025-11-23T11:02:06.826Z",
        "dateReserved": "2025-11-22T15:08:42.670Z",
        "dateUpdated": "2025-11-24T16:27:25.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13306 (GCVE-0-2025-13306)

    Vulnerability from cvelistv5 – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
    Title
    D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
    Summary
    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    References
    URL Tags
    https://vuldb.com/?id.332646 vdb-entry, technical-description
    https://vuldb.com/?ctiid.332646 signature, permissions-required
    https://vuldb.com/?submit.691813 third-party-advisory
    https://vuldb.com/?submit.693805 third-party-advisory
    https://vuldb.com/?submit.693807 third-party-advisory
    https://vuldb.com/?submit.695426 third-party-advisory
    https://github.com/LX-LX88/cve/issues/15 exploit, issue-tracking
    https://www.dlink.com/ product
    Credits
    LX-LX (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:26.978748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:07.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DWR-M921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-822K",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            },
            {
              "product": "DIR-825M",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T23:32:06.249Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332646"
            },
            {
              "name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332646"
            },
            {
              "name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.691813"
            },
            {
              "name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693805"
            },
            {
              "name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.693807"
            },
            {
              "name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.695426"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-17T15:27:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13306",
        "datePublished": "2025-11-17T23:32:06.249Z",
        "dateReserved": "2025-11-17T14:22:32.469Z",
        "dateUpdated": "2025-11-18T16:36:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }