Lucene search
+L

19 matches found

RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.12 views

CVE-2026-1624

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.17 views

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/30 12:31 a.m.6 views

EUVD-2026-4938

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

6.5CVSS5.7AI score0.02568EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/29 10:2 p.m.4 views

CVE-2026-1625 D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

6.5CVSS5.2AI score0.02568EPSS
Exploits0References5
CVE
CVE
added 2026/01/29 10:2 p.m.28 views

CVE-2026-1625

CVE-2026-1625 affects D-Link DWR-M961 firmware 1.1.47. The vulnerability is in the SMS Message component, specifically sub_4250E0 in /boafrm/formSmsManage, where manipulating the action_value argument leads to command injection. The attack can be initiated remotely and an exploit is public. The c...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 10:2 p.m.5 views

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS5.3AI score0.02568EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/29 10:2 p.m.41 views

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS0.02568EPSS
Exploits0References5
CVE
CVE
added 2026/01/29 10:2 p.m.23 views

CVE-2026-1624

The data confirms a concrete vulnerability in D-Link DWR-M961 v1.1.47 affecting an unknown function in /boafrm/formLtefotaUpgradeFibocom. Manipulation of the argument fota_url enables command injection, with remote exploitation and publicly disclosed exploit information. No remediation details or...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/01/29 3:32 p.m.36 views

CVE-2026-1596

The CVE-2026-1596 entry affects D-Link DWR-M961 firmware 1.1.47, specifically the function sub_419920 in /boafrm/formLtefotaUpgradeQuectel. The vulnerability arises from manipulation of the fota_url argument, enabling remote command injection. Public exploitations exist, indicating potential in-t...

8.8CVSS5.6AI score0.01813EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.15 views

PT-2026-5307

Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.47 Description A flaw exists in D-Link DWR-M961 version 1.1.47 that allows for command injection. This issue is related to the sub 419920 function within the /boafrm/formLtefotaUpgradeQuectel file. Manipulation of t...

8.8CVSS6.9AI score0.01813EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.7 views

D-Link DWR-M961 has a command injection vulnerability

The D-Link DWR-M961 is a router produced by D-Link Corporation. Version 1.1.47 of the D-Link DWR-M961 contains a command injection vulnerability. This vulnerability arises from incorrect operations on the parameter actionvalue in the file /boafrm/formSmsManage, which may lead to command injection...

8.8CVSS6.6AI score0.02568EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/18 10:49 p.m.10 views

CVE-2025-13304

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

9CVSS7.3AI score0.00807EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-11833

Malicious code in bioql PyPI...

9CVSS8.8AI score0.09111EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the /boafrm/formStaticDHCP file of the Authorization Interface component in D-Link DWR-M961 microprogrammed router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the /boafrm/formStaticDHCP file of the Authorization Interface component in D-Link DWR-M961 routers’ microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

9CVSS8AI score0.09111EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/18 9:15 a.m.6 views

CVE-2025-3785

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can ...

8.7CVSS6.4AI score0.09111EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/18 8:31 a.m.8 views

CVE-2025-3785 D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can ...

9CVSS7.5AI score0.09111EPSS
Exploits0References5
CVE
CVE
added 2025/04/18 8:31 a.m.75 views

CVE-2025-3785

The CVE-2025-3785 entry concerns D-Link DWR-M961 (version 1.1.36) and affects the Authorization Interface component, specifically the /boafrm/formStaticDHCP file. The root cause is improper validation of the Hostname argument, causing a stack-based buffer overflow that can be triggered remotely. ...

9CVSS8.9AI score0.09111EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.5 views

D-Link DWR-M961 安全漏洞

The D-Link DWR-M961 is a router from China-based AUO D-Link. The D-Link DWR-M961 suffers from a buffer overflow vulnerability that originates from the parameter Hostname in the file /boafrm/formStaticDHCP that fails to properly validate the length of the input data, which can be exploited by an...

9CVSS9AI score0.09111EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.8 views

PT-2025-17260 · D Link · D-Link Dwr-M961

Name of the Vulnerable Software and Affected Versions: D-Link DWR-M961 version 1.1.36 Description: A critical vulnerability has been found in the Authorization Interface component of the D-Link DWR-M961, affecting the file /boafrm/formStaticDHCP. The manipulation of the Hostname argument leads to...

9CVSS8.7AI score0.09111EPSS
Exploits0References14
Rows per page
Query Builder