19 matches found
CVE-2026-1624
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...
CVE-2026-1625
A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...
EUVD-2026-4938
A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...
CVE-2026-1625 D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection
A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...
CVE-2026-1625
CVE-2026-1625 affects D-Link DWR-M961 firmware 1.1.47. The vulnerability is in the SMS Message component, specifically sub_4250E0 in /boafrm/formSmsManage, where manipulating the action_value argument leads to command injection. The attack can be initiated remotely and an exploit is public. The c...
CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...
CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...
CVE-2026-1624
The data confirms a concrete vulnerability in D-Link DWR-M961 v1.1.47 affecting an unknown function in /boafrm/formLtefotaUpgradeFibocom. Manipulation of the argument fota_url enables command injection, with remote exploitation and publicly disclosed exploit information. No remediation details or...
CVE-2026-1596
The CVE-2026-1596 entry affects D-Link DWR-M961 firmware 1.1.47, specifically the function sub_419920 in /boafrm/formLtefotaUpgradeQuectel. The vulnerability arises from manipulation of the fota_url argument, enabling remote command injection. Public exploitations exist, indicating potential in-t...
PT-2026-5307
Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.47 Description A flaw exists in D-Link DWR-M961 version 1.1.47 that allows for command injection. This issue is related to the sub 419920 function within the /boafrm/formLtefotaUpgradeQuectel file. Manipulation of t...
D-Link DWR-M961 has a command injection vulnerability
The D-Link DWR-M961 is a router produced by D-Link Corporation. Version 1.1.47 of the D-Link DWR-M961 contains a command injection vulnerability. This vulnerability arises from incorrect operations on the parameter actionvalue in the file /boafrm/formSmsManage, which may lead to command injection...
CVE-2025-13304
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...
EUVD-2025-11833
Malicious code in bioql PyPI...
The vulnerability of the /boafrm/formStaticDHCP file of the Authorization Interface component in D-Link DWR-M961 microprogrammed router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the /boafrm/formStaticDHCP file of the Authorization Interface component in D-Link DWR-M961 routers’ microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
CVE-2025-3785
A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can ...
CVE-2025-3785 D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow
A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can ...
CVE-2025-3785
The CVE-2025-3785 entry concerns D-Link DWR-M961 (version 1.1.36) and affects the Authorization Interface component, specifically the /boafrm/formStaticDHCP file. The root cause is improper validation of the Hostname argument, causing a stack-based buffer overflow that can be triggered remotely. ...
D-Link DWR-M961 安全漏洞
The D-Link DWR-M961 is a router from China-based AUO D-Link. The D-Link DWR-M961 suffers from a buffer overflow vulnerability that originates from the parameter Hostname in the file /boafrm/formStaticDHCP that fails to properly validate the length of the input data, which can be exploited by an...
PT-2025-17260 · D Link · D-Link Dwr-M961
Name of the Vulnerable Software and Affected Versions: D-Link DWR-M961 version 1.1.36 Description: A critical vulnerability has been found in the Authorization Interface component of the D-Link DWR-M961, affecting the file /boafrm/formStaticDHCP. The manipulation of the Hostname argument leads to...