← Back

CVE-2025-13304

nvd nist
Published: Nov 17, 2025Modified: Dec 8, 2025

JSON object

Loading...
7.4
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

Affected (10)

Dlink
5 products
Dir 825m Firmware
Dwr M920 Firmware
Dwr M921 Firmware
Dwr M961 Firmware
Dwr M960 Firmware
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dlink
Dir 825m Firmware
Version 1.01.07
Dir 825m Firmware
Version 1.1.47
Running on/withPlatform Versions
Dlink
Dir 825m
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dlink
Dwr M920 Firmware
Version 1.01.07
Dwr M920 Firmware
Version 1.1.47
Running on/withPlatform Versions
Dlink
Dwr M920
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dlink
Dwr M921 Firmware
Version 1.01.07
Dwr M921 Firmware
Version 1.1.47
Running on/withPlatform Versions
Dlink
Dwr M921
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dlink
Dwr M961 Firmware
Version 1.01.07
Dwr M961 Firmware
Version 1.1.47
Running on/withPlatform Versions
Dlink
Dwr M961
All versions
Configuration E
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dlink
Dwr M960 Firmware
Version 1.01.07
Dwr M960 Firmware
Version 1.1.47
Running on/withPlatform Versions
Dlink
Dwr M960
Version b1

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (10)

Source: cna@vuldb.com
ExploitIssue TrackingThird Party Advisory
Source: cna@vuldb.com
Permissions RequiredVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Product
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.