CVE-2025-13304

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-13304
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://github.com/LX-LX88/cve/issues/11 Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.332644 Permissions Required VDB Entry
https://vuldb.com/?id.332644 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691808 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691810 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691812 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691817 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691821 Third Party Advisory VDB Entry
https://www.dlink.com/ Product
https://github.com/LX-LX88/cve/issues/11 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dir-825m_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-825m_firmware:1.1.47:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825m:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:dlink:dwr-m920_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m920_firmware:1.1.47:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m920:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:dlink:dwr-m921_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m921_firmware:1.1.47:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m921:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:dlink:dwr-m961_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m961_firmware:1.1.47:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m960_firmware:1.1.47:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-11-17 23:15

Updated : 2025-12-08 14:12

NVD link : CVE-2025-13304

Mitre link : CVE-2025-13304

CVE.ORG link : CVE-2025-13304

JSON object : View

Products Affected

dlink

  • dwr-m920
  • dwr-m921_firmware
  • dir-825m
  • dwr-m961_firmware
  • dir-825m_firmware
  • dwr-m960_firmware
  • dwr-m921
  • dwr-m960
  • dwr-m920_firmware
  • dwr-m961
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')