CVE-2025-15193

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and ma...

high 8.8 CVSS 3.1
Published: Dec 29, 2025
Modified: Dec 30, 2025
Vendor: Dlink
Product: Dwr-M920 Firmware

Description

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

References

Related CVEs

CVE-2026-7288 high · 8.8
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argumen
CVE-2026-7289 high · 8.8
A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url
CVE-2026-7247 high · 7.2
A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handle
CVE-2026-7248 critical · 9.8
A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument
CVE-2025-15245 low · 3.5
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFil
CVE-2025-15194 critical · 9.8
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler.