CVE-2026-1596

A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fotaurl causes command injection. The attack is possible to be carried out remotely. The exploit has been published a...

CVE-2026-1596

The CVE-2026-1596 entry affects D-Link DWR-M961 firmware 1.1.47, specifically the function sub_419920 in /boafrm/formLtefotaUpgradeQuectel. The vulnerability arises from manipulation of the fota_url argument, enabling remote command injection. Public exploitations exist, indicating potential in-t...

D-Link DWR-M961 has a command injection vulnerability

The D-Link DWR-M961 is a router produced by D-Link Corporation. Version 1.1.47 of the D-Link DWR-M961 contains a command injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file /boafrm/formLtefotaUpgradeFibocom, specifically the parameter fotaurl, which...

PT-2025-53723

Name of the Vulnerable Software and Affected Versions D-Link DWR-M920 versions up to 1.1.50 Description A security issue exists in D-Link DWR-M920. Manipulation of the fota url argument within the sub 415328 function of the /boafrm/formLtefotaUpgradeQuectel file can lead to command injection. Thi...