CNNVD-202511-1849 Information

Nov 17, 2025 cve

CNNVD ID

CNNVD-202511-1849

CVE-2025-13304

CNNVD Published: 2025-11-17

Description (Chinese)

D-Link DWR-M920等都是中国友讯（D-Link）公司的一款路由器。 D-Link多款产品存在安全漏洞，该漏洞源于对文件/boafrm/formPingDiagnosticRun中参数host的错误操作，可能导致缓冲区溢出。以下产品及版本受到影响：DWR-M920、DWR-M921、DWR-M960、DWR-M961和DIR-825M 1.01.07版本至1.1.47版本。

Description (English)

D-Link DWR-M920 is a router for the Chinese company D-Link. There is a security loophole in D-Link ’ s multiple products, which stems from a mishandling of the parameter post in the document/boafrm/formPingDiagnostic Run, which could lead to a spill out of the buffer zone. The following products and versions were affected: DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M Version 1.0.07 to 1.1.47.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

友讯

Published

2025-11-17

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.332644 https://vuldb.com/?submit.691808 https://vuldb.com/?submit.691810 https://vuldb.com/?submit.691821 https://www.dlink.com/ https://vuldb.com/?submit.691812 https://github.com/LX-LX88/cve/issues/11 https://vuldb.com/?submit.691817 https://vuldb.com/?id.332644 https://access.redhat.com/security/cve/cve-2025-13304

Share on: