Search criteria
6 vulnerabilities found for DWR-M921 by D-Link
CVE-2025-13306 (GCVE-0-2025-13306)
Vulnerability from cvelistv5 – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
VLAI?
Summary
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13306",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:25:26.978748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:36:07.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/15"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
},
{
"product": "DWR-M921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
},
{
"product": "DIR-822K",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
},
{
"product": "DIR-825M",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T23:32:06.249Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332646"
},
{
"name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332646"
},
{
"name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691813"
},
{
"name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693805"
},
{
"name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693807"
},
{
"name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.695426"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/15"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T15:27:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13306",
"datePublished": "2025-11-17T23:32:06.249Z",
"dateReserved": "2025-11-17T14:22:32.469Z",
"dateUpdated": "2025-11-18T16:36:07.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13305 (GCVE-0-2025-13305)
Vulnerability from cvelistv5 – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
VLAI?
Summary
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13305",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:40:50.580816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:41:07.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/12"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DWR-M921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DWR-M960",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DIR-822K",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DIR-825M",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T23:02:06.147Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332645"
},
{
"name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332645"
},
{
"name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691809"
},
{
"name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691816"
},
{
"name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693784"
},
{
"name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693806"
},
{
"name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.695424"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/12"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T15:22:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13305",
"datePublished": "2025-11-17T23:02:06.147Z",
"dateReserved": "2025-11-17T14:12:10.254Z",
"dateUpdated": "2025-11-18T14:41:07.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13304 (GCVE-0-2025-13304)
Vulnerability from cvelistv5 – Published: 2025-11-17 22:32 – Updated: 2025-11-18 16:36
VLAI?
Summary
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13304",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:25:51.769883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:36:42.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/11"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DWR-M921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DWR-M960",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DWR-M961",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DIR-825M",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T22:32:07.051Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332644 | D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332644"
},
{
"name": "VDB-332644 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332644"
},
{
"name": "Submit #691808 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691808"
},
{
"name": "Submit #691810 | D-Link DWR-M961 V1.1.47 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691810"
},
{
"name": "Submit #691812 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691812"
},
{
"name": "Submit #691817 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691817"
},
{
"name": "Submit #691821 | D-Link DIR-825m V1.1.12 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691821"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/11"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T15:21:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13304",
"datePublished": "2025-11-17T22:32:07.051Z",
"dateReserved": "2025-11-17T14:12:06.794Z",
"dateUpdated": "2025-11-18T16:36:42.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13306 (GCVE-0-2025-13306)
Vulnerability from nvd – Published: 2025-11-17 23:32 – Updated: 2025-11-18 16:36
VLAI?
Summary
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13306",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:25:26.978748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:36:07.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/15"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
},
{
"product": "DWR-M921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
},
{
"product": "DIR-822K",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
},
{
"product": "DIR-825M",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T23:32:06.249Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332646 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332646"
},
{
"name": "VDB-332646 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332646"
},
{
"name": "Submit #691813 | D-Link DWR-M920 V1.1.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691813"
},
{
"name": "Submit #693805 | D-Link DIR-822k TK_1.00_20250513164613 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693805"
},
{
"name": "Submit #693807 | D-Link DWR-M921 V1.1.50 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693807"
},
{
"name": "Submit #695426 | D-Link DIR-825m v1.1.12 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.695426"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/15"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T15:27:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13306",
"datePublished": "2025-11-17T23:32:06.249Z",
"dateReserved": "2025-11-17T14:22:32.469Z",
"dateUpdated": "2025-11-18T16:36:07.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13305 (GCVE-0-2025-13305)
Vulnerability from nvd – Published: 2025-11-17 23:02 – Updated: 2025-11-18 14:41
VLAI?
Summary
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13305",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:40:50.580816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:41:07.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/12"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DWR-M921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DWR-M960",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DIR-822K",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
},
{
"product": "DIR-825M",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T23:02:06.147Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332645 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332645"
},
{
"name": "VDB-332645 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332645"
},
{
"name": "Submit #691809 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691809"
},
{
"name": "Submit #691816 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691816"
},
{
"name": "Submit #693784 | D-Link DIR-822k TK_1.00_20250513164613 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693784"
},
{
"name": "Submit #693806 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.693806"
},
{
"name": "Submit #695424 | D-Link DIR-825m v1.1.12 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.695424"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/12"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T15:22:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13305",
"datePublished": "2025-11-17T23:02:06.147Z",
"dateReserved": "2025-11-17T14:12:10.254Z",
"dateUpdated": "2025-11-18T14:41:07.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13304 (GCVE-0-2025-13304)
Vulnerability from nvd – Published: 2025-11-17 22:32 – Updated: 2025-11-18 16:36
VLAI?
Summary
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
Credits
LX-LX (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13304",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:25:51.769883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:36:42.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LX-LX88/cve/issues/11"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DWR-M921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DWR-M960",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DWR-M961",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
},
{
"product": "DIR-825M",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.01.07"
},
{
"status": "affected",
"version": "1.1.47"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T22:32:07.051Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332644 | D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332644"
},
{
"name": "VDB-332644 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332644"
},
{
"name": "Submit #691808 | D-Link DWR-M960 V1.01.07 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691808"
},
{
"name": "Submit #691810 | D-Link DWR-M961 V1.1.47 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691810"
},
{
"name": "Submit #691812 | D-Link DWR-M921 V1.1.50 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691812"
},
{
"name": "Submit #691817 | D-Link DWR-M920 V1.1.5 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691817"
},
{
"name": "Submit #691821 | D-Link DIR-825m V1.1.12 Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691821"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-LX88/cve/issues/11"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-17T15:21:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13304",
"datePublished": "2025-11-17T22:32:07.051Z",
"dateReserved": "2025-11-17T14:12:06.794Z",
"dateUpdated": "2025-11-18T16:36:42.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}