CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 3 hours ago•4 views

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVE•added 3 hours ago•5 views

CVE-2026-11341

The CVE-2026-11341 affects the D-Link DWR-M920 series up to firmware 1.1.50. The vulnerability is in the function sub_412DA0 of /boafrm/formIMEISetup, where improper handling of the IMEI_value enables an OS command injection. What is vulnerable: the specific function and file path in the device’s...

6.5CVSS6.4AI score

ATTACKERKB•added 3 hours ago•2 views

CVE-2026-11341

6.5CVSS6.3AI score

Exploits0References6Affected Software1

Cvelist•added 3 hours ago•3 views

CVE-2026-11341 D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection

Cvelist•added 3 hours ago•7 views

CVE-2026-11339 D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection

ATTACKERKB•added 3 hours ago•2 views

CVE-2026-11339

6.5CVSS6.4AI score

Exploits0References6Affected Software1

NVD•added 19 hours ago•3 views

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8CVSS

Exploits1References6

CVE•added 20 hours ago•8 views

CVE-2026-10878

8.8CVSS6.5AI score

Exploits1References6Affected Software1

Cvelist•added 20 hours ago•8 views

CVE-2026-10878 D-Link DWR-M920 formSmsManage sub_41C8E8 command injection

EUVD•added 20 hours ago•4 views

Exploits1References6

EUVD-2026-34775

8.8CVSS6.5AI score

Exploits1References6

Positive Technologies•added 20 hours ago•7 views

PT-2026-46838

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub 41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action value results in command injection. The attack is possible to be carried out remotely. The exploit is now public a...

6.5CVSS6.5AI score

Exploits1References7

Positive Technologies•added 20 hours ago•3 views

PT-2026-47006

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub 412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

Positive Technologies•added 20 hours ago•6 views

Exploits0References7

PT-2026-46978

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub 41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may...

6.5CVSS6.4AI score

Exploits0References7

CNVD•added 2026/01/14 12:0 a.m.•4 views

D-Link DWR-M920 Command Injection Vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter fotaurl in the function sub4155B4 in the file /boafrm/formLtefotaUpgradeFibocom, for which n...

8.8CVSS5.9AI score0.00076EPSS

CNVD•added 2026/01/14 12:0 a.m.•1 views

D-Link DWR-M920 sub_423848 function buffer overflow vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub423848 in the file /boafrm/formParentControl, for which no...

9CVSS6AI score0.00198EPSS

RedhatCVE•added 2025/12/30 3:7 p.m.•2 views

CVE-2025-15193

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and...

9CVSS7AI score0.00198EPSS

RedhatCVE•added 2025/12/30 3:7 p.m.•3 views

CVE-2025-15192

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...

8.8CVSS6.9AI score0.00076EPSS

RedhatCVE•added 2025/12/30 2:5 p.m.•1 views

CVE-2025-15190

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public...

9CVSS7.1AI score0.00217EPSS