Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Cvelist
Cvelistadded 2026/01/29 10:2 p.m.22 views

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS0.02336EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/01/29 10:2 p.m.5 views

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS5.3AI score0.02336EPSS
Exploits0References5
CVE
CVEadded 2026/01/29 10:2 p.m.12 views

CVE-2026-1624

The data confirms a concrete vulnerability in D-Link DWR-M961 v1.1.47 affecting an unknown function in /boafrm/formLtefotaUpgradeFibocom. Manipulation of the argument fota_url enables command injection, with remote exploitation and publicly disclosed exploit information. No remediation details or...

8.8CVSS5.7AI score0.02336EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/01/29 10:2 p.m.8 views

CVE-2026-1624

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS5.7AI score0.02336EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/01/29 12:0 a.m.10 views

PT-2026-5366

Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.47 Description A flaw exists in the SMS Message component of D-Link DWR-M961 version 1.1.47. Specifically, the sub 4250E0 function within the /boafrm/formSmsManage file is susceptible to command injection. This occu...

6.5CVSS6AI score0.02336EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/01/29 12:0 a.m.6 views

PT-2026-5307

Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.47 Description A flaw exists in D-Link DWR-M961 version 1.1.47 that allows for command injection. This issue is related to the sub 419920 function within the /boafrm/formLtefotaUpgradeQuectel file. Manipulation of t...

8.8CVSS6.9AI score0.01648EPSS
Exploits0References8
CNNVD
CNNVDadded 2026/01/29 12:0 a.m.4 views

D-Link DWR-M961 has a command injection vulnerability

The D-Link DWR-M961 is a router produced by D-Link Corporation. Version 1.1.47 of the D-Link DWR-M961 contains a command injection vulnerability. This vulnerability arises from incorrect operations on the parameter actionvalue in the file /boafrm/formSmsManage, which may lead to command injection...

8.8CVSS6.6AI score0.02336EPSS
Exploits0References6
Rows per page
Query Builder