Description
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Problem types
Product status
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.1.27
1.1.28
1.1.29
1.1.30
1.1.31
1.1.32
1.1.33
1.1.34
1.1.35
1.1.36
1.1.37
1.1.38
1.1.39
1.1.40
1.1.41
1.1.42
1.1.43
1.1.44
1.1.45
1.1.46
1.1.47
1.1.48
1.1.49
1.1.50
Timeline
| 2025-12-28: | Advisory disclosed |
| 2025-12-28: | VulDB entry created |
| 2025-12-28: | VulDB entry last update |
Credits
panda_0x1 (VulDB User)
References
vuldb.com/?id.338578 (VDB-338578 | D-Link DWR-M920 formParentControl sub_423848 buffer overflow)
vuldb.com/?ctiid.338578 (VDB-338578 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.723556 (Submit #723556 | D-Link DWR-M920 V1.1.50 Buffer Overflow)
github.com/...blob/main/d-link/dwr-m920/formParentControl.md
github.com/...blob/main/d-link/dwr-m920/formParentControl.md
www.dlink.com/
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
