CVE-2025-13306

Summary

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Affected Software

VendorProductVersion RangeStatus
D-LinkDWR-M9201.1.5affected
D-LinkDWR-M9211.1.5affected
D-LinkDIR-822K1.1.5affected
D-LinkDIR-825M1.1.5affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References