CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

EUVD-2026-34859

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

EUVD-2026-5780

A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

D-Link DWR-M921 命令注入漏洞

The D-Link DWR-M921 is a router produced by D-Link Corporation. Version 1.1.50 of the D-Link DWR-M921 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter fotaurl in the file /boafrm/formLtefotaUpgradeQuectel, which may lead to command...

D-Link DWR-M921 命令注入漏洞

The D-Link DWR-M921 is a router produced by D-Link Corporation. Version 1.1.50 of the D-Link DWR-M921 contains a command injection vulnerability. This vulnerability arises from incorrect operations on the parameter usdValue in the sub419F20 function of the USSD Configuration Endpoint...

EUVD-2025-205578

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be us...

EUVD-2025-205577

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public...

EUVD-2025-205586

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fotaurl causes command injection. Remote exploitation of the attack is possible. The exploit has been mad...

CVE-2025-15192

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...

CVE-2025-15192

CVE-2025-15192 affects D-Link DWR-M920 (firmware

CVE-2025-15191

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fotaurl causes command injection. Remote exploitation of the attack is possible. The exploit has been mad...

CVE-2025-15190

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public...

CVE-2025-15189

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be us...

CVE-2025-15189 D-Link DWR-M920 formDefRoute sub_464794 buffer overflow

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be us...

CVE-2025-15189 D-Link DWR-M920 formDefRoute sub_464794 buffer overflow

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be us...

PT-2025-53718

Name of the Vulnerable Software and Affected Versions D-Link DWR-M920 versions up to 1.1.50 Description A flaw exists in D-Link DWR-M920 devices running versions up to 1.1.50. This issue involves the manipulation of the fota url argument within the sub 4155B4 function located in the file...

D-Link DWR-M920 安全漏洞

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a stack buffer overflow vulnerability that stems from incorrect manipulation of the parameter ip6addr in the function sub42261C in the file /boafrm/formFilter, for which no detailed...

D-Link DWR-M920 安全漏洞

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub423848 in the file /boafrm/formParentControl, for which no...

PT-2025-53723

Name of the Vulnerable Software and Affected Versions D-Link DWR-M920 versions up to 1.1.50 Description A security issue exists in D-Link DWR-M920. Manipulation of the fota url argument within the sub 415328 function of the /boafrm/formLtefotaUpgradeQuectel file can lead to command injection. Thi...