CVE-2025-13304

🗓️ 17 Nov 2025 22:32:07Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 9 Views🌐 WEB

CVE-2025-13304 affects D-Link models; buffer overflow in formPingDiagnosticRun via host parameter.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-13304	17 Nov 202522:43	–	circl
CNNVD	D-Link多款产品安全漏洞	17 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-13304 D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow	17 Nov 202522:32	–	cvelist
EUVD	EUVD-2025-197897	17 Nov 202522:32	–	euvd
NVD	CVE-2025-13304	17 Nov 202523:15	–	nvd
Positive Technologies	PT-2025-47212	9 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-13304	18 Nov 202522:49	–	redhatcve
Vulnrichment	CVE-2025-13304 D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow	17 Nov 202522:32	–	vulnrichment

NVD

Vulners

Node

dlink dir-825m_firmwareMatch1.01.07

dlink dir-825m_firmwareMatch1.1.47

AND

dlink dir-825mMatch-

Node

dlink dwr-m920_firmwareMatch1.01.07

dlink dwr-m920_firmwareMatch1.1.47

AND

dlink dwr-m920Match-

Node

dlink dwr-m921_firmwareMatch1.01.07

dlink dwr-m921_firmwareMatch1.1.47

AND

dlink dwr-m921Match-

Node

dlink dwr-m961_firmwareMatch1.01.07

dlink dwr-m961_firmwareMatch1.1.47

AND

dlink dwr-m961Match-

Node

dlink dwr-m960_firmwareMatch1.01.07

dlink dwr-m960_firmwareMatch1.1.47

AND

dlink dwr-m960Matchb1

[
  {
    "vendor": "D-Link",
    "product": "DWR-M920",
    "versions": [
      {
        "version": "1.01.07",
        "status": "affected"
      },
      {
        "version": "1.1.47",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DWR-M921",
    "versions": [
      {
        "version": "1.01.07",
        "status": "affected"
      },
      {
        "version": "1.1.47",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DWR-M960",
    "versions": [
      {
        "version": "1.01.07",
        "status": "affected"
      },
      {
        "version": "1.1.47",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DWR-M961",
    "versions": [
      {
        "version": "1.01.07",
        "status": "affected"
      },
      {
        "version": "1.1.47",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DIR-825M",
    "versions": [
      {
        "version": "1.01.07",
        "status": "affected"
      },
      {
        "version": "1.1.47",
        "status": "affected"
      }
    ]
  }
]

Source	Link
dlink	www.dlink.com/
vuldb	www.vuldb.com/
github	www.github.com/LX-LX88/cve/issues/11
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
host	request body	/boafrm/formPingDiagnosticRun	Buffer overflow via manipulation of the host argument in the formPingDiagnosticRun endpoint.	CWE-119, CWE-120

08 Dec 2025 14:12Current

8.7High risk

Vulners AI Score8.7

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.00587

SSVC