CVE-2025-13306
published 2025-11-18CVE-2025-13306: A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file…
low2.1CVSS 4.0
AVNACLATNPRLUINVCLVILVALSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dir-822k | — | — |
| d-link | dir-825m | — | — |
| d-link | dwr-m920 | — | — |
| d-link | dwr-m921 | — | — |
| dlink | dir-822k_firmware | — | — |
| dlink | dir-825m_firmware | — | — |
| dlink | dwr-m920_firmware | — | — |
| dlink | dwr-m921_firmware | — | — |