PT-2025-47212 · D Link · Dir-825+4
Lx-Lx
·
Published
2025-11-09
·
Updated
2025-12-08
·
CVE-2025-13304
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M versions 1.01.07 through 1.1.47
Description
A security issue has been identified in D-Link routers, specifically affecting the models DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M. The flaw resides in the
/boafrm/formPingDiagnosticRun file and involves the handling of the host argument. Manipulation of this argument can lead to a buffer overflow. The attack can be initiated remotely. The exploit has been publicly released.Recommendations
D-Link DWR-M920 versions 1.01.07 through 1.1.47 should be updated.
D-Link DWR-M921 versions 1.01.07 through 1.1.47 should be updated.
D-Link DWR-M960 versions 1.01.07 through 1.1.47 should be updated.
D-Link DWR-M961 versions 1.01.07 through 1.1.47 should be updated.
D-Link DIR-825M versions 1.01.07 through 1.1.47 should be updated.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dir-825
Dwr-M920
Dwr-M921
Dwr-M960
Dwr-M961