CVE-2026-2169 D-Link DWR-M921 formLtefotaUpgradeFibocom command injection

A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVE-2026-2169

CVE-2026-2169 affects the D-Link DWR‑M921 (firmware 1.1.50). The vulnerability resides in the /boafrm/formLtefotaUpgradeFibocom component where manipulation of the fota_url argument enables command injection. It allows remote exploitation and has been publicly disclosed. Public documents do not p...

D-Link DWR-M921 命令注入漏洞

The D-Link DWR-M921 is a router produced by D-Link Corporation. Version 1.1.50 of the D-Link DWR-M921 contains a command injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file /boafrm/formLtefotaUpgradeFibocom, specifically the parameter fotaurl, whic...

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

CVE-2026-1624

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

CVE-2026-1624

The data confirms a concrete vulnerability in D-Link DWR-M961 v1.1.47 affecting an unknown function in /boafrm/formLtefotaUpgradeFibocom. Manipulation of the argument fota_url enables command injection, with remote exploitation and publicly disclosed exploit information. No remediation details or...

D-Link DWR-M920 Command Injection Vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter fotaurl in the function sub4155B4 in the file /boafrm/formLtefotaUpgradeFibocom, for which n...

D-Link DWR-M920 命令注入漏洞

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter fotaurl in the function sub4155B4 in the file /boafrm/formLtefotaUpgradeFibocom, for which n...