Dlink Dwr-M961 Firmware vulnerabilities

CVE-2026-1624 [MEDIUM] CWE-74 CVE-2026-1624: A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unk A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-1596 [MEDIUM] CWE-74 CVE-2026-1596: A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

CVE-2026-1625 [MEDIUM] CWE-74 CVE-2026-1625: A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_425 A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2025-13305 [HIGH] CWE-119 CVE-2025-13305: A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07 A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public

CVE-2025-13304 [HIGH] CWE-119 CVE-2025-13304: A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1. A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public a

CVE-2025-3785 [HIGH] CWE-119 CVE-2025-3785: A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerabil A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to t