D-Link Dwr-M961 vulnerabilities

5 known vulnerabilities affecting d-link/dwr-m961.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2026-1624MEDIUMCVSS 5.3v1.1.472026-01-29
CVE-2026-1624 [MEDIUM] CWE-74 CVE-2026-1624: A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unk A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
cvelistv5nvd
CVE-2026-1596MEDIUMCVSS 5.3v1.1.472026-01-29
CVE-2026-1596 [MEDIUM] CWE-74 CVE-2026-1596: A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
cvelistv5nvd
CVE-2026-1625MEDIUMCVSS 5.3v1.1.472026-01-29
CVE-2026-1625 [MEDIUM] CWE-74 CVE-2026-1625: A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_425 A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.
cvelistv5nvd
CVE-2025-13304HIGHCVSS 7.4v1.01.07v1.1.472025-11-17
CVE-2025-13304 [HIGH] CWE-119 CVE-2025-13304: A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1. A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public a
cvelistv5nvd
CVE-2025-3785HIGHCVSS 8.7v1.1.362025-04-18
CVE-2025-3785 [HIGH] CWE-119 CVE-2025-3785: A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerabil A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to t
cvelistv5nvd