CVE-2026-2168

A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fotaurl causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2026-2168

D-Link DWR-M921 (firmware 1.1.50) is affected by CVE-2026-2168. The vulnerability lies in the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel, where manipulation of the fota_url argument enables command injection. The issue can be exploited remotely and an exploit has been publi...

D-Link DWR-M921 命令注入漏洞

The D-Link DWR-M921 is a router produced by D-Link Corporation. Version 1.1.50 of the D-Link DWR-M921 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter fotaurl in the file /boafrm/formLtefotaUpgradeQuectel, which may lead to command...

D-Link DWR-M921 命令注入漏洞

The D-Link DWR-M921 is a router produced by D-Link Corporation. Version 1.1.50 of the D-Link DWR-M921 contains a command injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file /boafrm/formLtefotaUpgradeFibocom, specifically the parameter fotaurl, whic...

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

CVE-2025-15192

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...