CNVD-2026-04185
Vulnerability from cnvd - Published: 2026-01-16
Title
D-Link DWR-M920 Command Injection Vulnerability
Description
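The D-Link DWR-M920 is a router from D-Link, a Chinese company.
The D-Link DWR-M920 has a command injection vulnerability. It stems from improper handling of the parameter fota_url in the file /boafrm/formLtefotaUpgradeQuectel; an attacker can exploit it to cause command injection.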
Severity
Medium
Formal description
No detailed solution is currently available: https://www.dlink.com/us/en
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-15192
Impacted products
| Name | D-Link DWR-M920 <=1.1.50 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-15192",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-15192"
}
},
"description": "D-Link DWR-M920\u662f\u4e2d\u56fd\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\n\nD-Link DWR-M920\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6587\u4ef6/boafrm/formLtefotaUpgradeQuectel\u4e2d\u53c2\u6570fota_url\u7684\u9519\u8bef\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u547d\u4ee4\u6ce8\u5165\u3002",
"formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a \r\nhttps://www.dlink.com/us/en",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-04185",
"openTime": "2026-01-16",
"products": {
"product": "D-Link DWR-M920 \u003c=1.1.50"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-15192",
"serverity": "\u4e2d",
"submitTime": "2026-01-14",
"title": "D-Link DWR-M920\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
CVE-2025-15192 (GCVE-0-2025-15192)
Vulnerability from cvelistv5 – Published: 2025-12-29 14:32 – Updated: 2025-12-29 16:11
Title
D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
Summary
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| D-Link | DWR-M920 | Affected: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.1.19, 1.1.20, 1.1.21, 1.1.22, 1.1.23, 1.1.24, 1.1.25, 1.1.26, 1.1.27, 1.1.28, 1.1.29, 1.1.30, 1.1.31, 1.1.32, 1.1.33, 1.1.34, 1.1.35, 1.1.36, 1.1.37, 1.1.38, 1.1.39, 1.1.40, 1.1.41, 1.1.42, 1.1.43, 1.1.44, 1.1.45, 1.1.46, 1.1.47, 1.1.48, 1.1.49, 1.1.50 |
Credits
panda_0x1 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15192",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T16:11:26.435995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T16:11:38.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DWR-M920",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
},
{
"status": "affected",
"version": "1.1.2"
},
{
"status": "affected",
"version": "1.1.3"
},
{
"status": "affected",
"version": "1.1.4"
},
{
"status": "affected",
"version": "1.1.5"
},
{
"status": "affected",
"version": "1.1.6"
},
{
"status": "affected",
"version": "1.1.7"
},
{
"status": "affected",
"version": "1.1.8"
},
{
"status": "affected",
"version": "1.1.9"
},
{
"status": "affected",
"version": "1.1.10"
},
{
"status": "affected",
"version": "1.1.11"
},
{
"status": "affected",
"version": "1.1.12"
},
{
"status": "affected",
"version": "1.1.13"
},
{
"status": "affected",
"version": "1.1.14"
},
{
"status": "affected",
"version": "1.1.15"
},
{
"status": "affected",
"version": "1.1.16"
},
{
"status": "affected",
"version": "1.1.17"
},
{
"status": "affected",
"version": "1.1.18"
},
{
"status": "affected",
"version": "1.1.19"
},
{
"status": "affected",
"version": "1.1.20"
},
{
"status": "affected",
"version": "1.1.21"
},
{
"status": "affected",
"version": "1.1.22"
},
{
"status": "affected",
"version": "1.1.23"
},
{
"status": "affected",
"version": "1.1.24"
},
{
"status": "affected",
"version": "1.1.25"
},
{
"status": "affected",
"version": "1.1.26"
},
{
"status": "affected",
"version": "1.1.27"
},
{
"status": "affected",
"version": "1.1.28"
},
{
"status": "affected",
"version": "1.1.29"
},
{
"status": "affected",
"version": "1.1.30"
},
{
"status": "affected",
"version": "1.1.31"
},
{
"status": "affected",
"version": "1.1.32"
},
{
"status": "affected",
"version": "1.1.33"
},
{
"status": "affected",
"version": "1.1.34"
},
{
"status": "affected",
"version": "1.1.35"
},
{
"status": "affected",
"version": "1.1.36"
},
{
"status": "affected",
"version": "1.1.37"
},
{
"status": "affected",
"version": "1.1.38"
},
{
"status": "affected",
"version": "1.1.39"
},
{
"status": "affected",
"version": "1.1.40"
},
{
"status": "affected",
"version": "1.1.41"
},
{
"status": "affected",
"version": "1.1.42"
},
{
"status": "affected",
"version": "1.1.43"
},
{
"status": "affected",
"version": "1.1.44"
},
{
"status": "affected",
"version": "1.1.45"
},
{
"status": "affected",
"version": "1.1.46"
},
{
"status": "affected",
"version": "1.1.47"
},
{
"status": "affected",
"version": "1.1.48"
},
{
"status": "affected",
"version": "1.1.49"
},
{
"status": "affected",
"version": "1.1.50"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T14:32:08.392Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338577 | D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338577"
},
{
"name": "VDB-338577 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338577"
},
{
"name": "Submit #723555 | D-Link DWR-M920 V1.1.50 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.723555"
},
{
"tags": [
"patch"
],
"url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-28T10:15:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15192",
"datePublished": "2025-12-29T14:32:08.392Z",
"dateReserved": "2025-12-28T09:10:12.267Z",
"dateUpdated": "2025-12-29T16:11:38.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.