CNNVD-202512-4977 Information
CNNVD ID
CNNVD-202512-4977
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
D-Link DWR-M920是中国友讯(D-Link)公司的一款路由器。 D-Link DWR-M920 1.1.50及之前版本存在命令注入漏洞,该漏洞源于对文件/boafrm/formLtefotaUpgradeFibocom中参数fota_url的错误操作,可能导致命令注入攻击。
Description (English)
D-Link DWR-M920 is a router for the Chinese company D-Link. 1.1.50 and previous versions of D-Link DWR-M920 1.1.50 contain a command-injecting loophole, which stems from the erroneous operation of the parameter Fota url in document/boafrm/formLtefotaUpgradeFibocom, which may result in an order-injection attack.
Hazard Level
High
Vulnerability Type
命令注入
Affected Vendor
友讯
Published
2025-12-29
Last Modified
2026-02-24
References
https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.md#poc https://vuldb.com/?id.338576 https://vuldb.com/?ctiid.338576 https://www.dlink.com/ https://vuldb.com/?submit.723554 https://access.redhat.com/security/cve/cve-2025-15191
Share on: