PT-2025-47842 · D Link · Dir-822+1
Hhsw34
·
Published
2025-11-12
·
Updated
2025-12-02
·
CVE-2025-13550
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50
D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50
Description
A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 devices. The issue is due to the manipulation of the
submit-url argument within the /boafrm/formVpnConfigSetup file. Exploitation of this issue can be performed remotely through the formVpnConfigSetup function. A public exploit is available.Recommendations
For D-Link DIR-822K version 1.00 20250513164613, restrict access to the
/boafrm/formVpnConfigSetup file.
For D-Link DIR-822K version 1.1.50, restrict access to the /boafrm/formVpnConfigSetup file.
For D-Link DWR-M920 version 1.00 20250513164613, restrict access to the /boafrm/formVpnConfigSetup file.
For D-Link DWR-M920 version 1.1.50, restrict access to the /boafrm/formVpnConfigSetup file.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dir-822
Dwr-M920