Filtered by vendor D-link Subscriptions
Filtered by product Dwr-m920 Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-15191 1 D-link 1 Dwr-m920 2025-12-29 6.3 Medium
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVE-2025-15193 1 D-link 1 Dwr-m920 2025-12-29 8.8 High
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2025-15190 1 D-link 1 Dwr-m920 2025-12-29 8.8 High
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-15189 1 D-link 1 Dwr-m920 2025-12-29 8.8 High
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-15192 1 D-link 1 Dwr-m920 2025-12-29 6.3 Medium
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.