D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow_CVE-2025-13304

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

AI Analysis

Buffer overflow vulnerability in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M via manipulation of the 'host' argument in the /boafrm/formPingDiagnosticRun file, allowing remote exploitation.

Basic Information

ID CVE-2025-13304

Source VulDB

Published Nov 17, 2025 at 22:32

Affected Product

Vendor D-Link

Product DWR-M920

Version 1.01.07

Affected Versions D-Link DWR-M920 1.01.07
D-Link DWR-M920 1.1.47
D-Link DWR-M921 1.01.07
D-Link DWR-M921 1.1.47
D-Link DWR-M960 1.01.07
D-Link DWR-M960 1.1.47
D-Link DWR-M961 1.01.07
D-Link DWR-M961 1.1.47
D-Link DIR-825M 1.01.07
D-Link DIR-825M 1.1.47

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DWR-M920, DWR-M921, DWR-M960, DWR-M961, DIR-825M

Version 1.01.07, 1.1.47

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-11-17T22:32:07.051Z",
    "modified": "2025-11-17T22:32:07.051Z",
    "type": "cve",
    "title": "D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332644\nhttps://vuldb.com/?ctiid.332644\nhttps://vuldb.com/?submit.691808\nhttps://vuldb.com/?submit.691810\nhttps://vuldb.com/?submit.691812\nhttps://vuldb.com/?submit.691817\nhttps://vuldb.com/?submit.691821\nhttps://github.com/LX-LX88/cve/issues/11\nhttps://www.dlink.com/",
    "id": "CVE-2025-13304",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DWR-M920 1.01.07\nD-Link DWR-M920 1.1.47\nD-Link DWR-M921 1.01.07\nD-Link DWR-M921 1.1.47\nD-Link DWR-M960 1.01.07\nD-Link DWR-M960 1.1.47\nD-Link DWR-M961 1.01.07\nD-Link DWR-M961 1.1.47\nD-Link DIR-825M 1.01.07\nD-Link DIR-825M 1.1.47",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DWR-M920",
    "version": "1.01.07",
    "vendor": "D-Link",
    "ai_description": "Buffer overflow vulnerability in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M via manipulation of the 'host' argument in the /boafrm/formPingDiagnosticRun file, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DWR-M920, DWR-M921, DWR-M960, DWR-M961, DIR-825M",
    "ai_version": "1.01.07, 1.1.47",
    "ai_score": 8.7
}