D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection_CVE-2025-13306

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2025-13306

Source VulDB

Published Nov 17, 2025 at 23:32

Affected Product

Vendor D-Link

Product DWR-M920

Version 1.1.5

Affected Versions D-Link DWR-M920 1.1.5
D-Link DWR-M921 1.1.5
D-Link DIR-822K 1.1.5
D-Link DIR-825M 1.1.5

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
    "published": "2025-11-17T23:32:06.249Z",
    "modified": "2025-11-17T23:32:06.249Z",
    "type": "cve",
    "title": "D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332646\nhttps://vuldb.com/?ctiid.332646\nhttps://vuldb.com/?submit.691813\nhttps://vuldb.com/?submit.693805\nhttps://vuldb.com/?submit.693807\nhttps://vuldb.com/?submit.695426\nhttps://github.com/LX-LX88/cve/issues/15\nhttps://www.dlink.com/",
    "id": "CVE-2025-13306",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "D-Link DWR-M920 1.1.5\nD-Link DWR-M921 1.1.5\nD-Link DIR-822K 1.1.5\nD-Link DIR-825M 1.1.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DWR-M920",
    "version": "1.1.5",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}