EUVD-2026-14736

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handlerupdatesystemtime of the file libdeuteronmodules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

EUVD-2026-5662

A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made...

D-Link DIR-605L和D-Link DIR-619L 访问控制错误漏洞

The D-Link DIR-605L and D-Link DIR-619L are wireless routers produced by the Chinese company D-Link. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the...

D-Link DIR-605L和D-Link DIR-619L 访问控制错误漏洞

The D-Link DIR-605L and D-Link DIR-619L are wireless routers produced by the Chinese company D-Link. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the DHCP...

CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort elemen...

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 CVSS score: 9.3, concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...

CVE-2025-14659 D-Link DIR-860LB1/DIR-868LB1 DHCP command injection

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-37055link is external D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644link is external Array Networks ArrayOS AG OS Command Injection...

D-Link Routers Buffer Overflow Vulnerability

D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

CVE-2025-13551

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. Th...

EUVD-2025-198565

A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2025-13547

A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...

PT-2025-47843

Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 routers. The issue is located in an unknown function...

CVE-2025-13306 D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...

CVE-2025-13305

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched...

CVE-2025-13304

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

CVE-2025-13305 D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched...

EUVD-2025-197882

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched...

CVE-2025-13305

CVE-2025-13305 affects multiple D-Link routers: DWR-M920, DWR-M921, DWR-M960, DIR-822K, and DIR-825M (version 1.01.07). The root cause is improper handling of the host argument in the file /boafrm/formTracerouteDiagnosticRun, which can lead to a buffer overflow. This vulnerability enables remote ...