Description
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
Problem types
Product status
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.1.27
1.1.28
1.1.29
1.1.30
1.1.31
1.1.32
1.1.33
1.1.34
1.1.35
1.1.36
1.1.37
1.1.38
1.1.39
1.1.40
1.1.41
1.1.42
1.1.43
1.1.44
1.1.45
1.1.46
1.1.47
1.1.48
1.1.49
1.1.50
Timeline
| 2025-12-28: | Advisory disclosed |
| 2025-12-28: | VulDB entry created |
| 2025-12-28: | VulDB entry last update |
Credits
panda_0x1 (VulDB User)
References
vuldb.com/?id.338574 (VDB-338574 | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow)
vuldb.com/?ctiid.338574 (VDB-338574 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.723552 (Submit #723552 | D-Link DWR-M920 VV1.1.50 Buffer Overflow)
github.com/...vuls/blob/main/d-link/dwr-m920/formDefRoute.md
github.com/...vuls/blob/main/d-link/dwr-m920/formDefRoute.md
www.dlink.com/
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
