CNNVD-202512-4979 Information
CNNVD ID
CNNVD-202512-4979
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
D-Link DWR-M920是中国友讯(D-Link)公司的一款路由器。 D-Link DWR-M920 1.1.50及之前版本存在命令注入漏洞,该漏洞源于对文件/boafrm/formLtefotaUpgradeQuectel中参数fota_url的错误操作,可能导致命令注入攻击。
Description (English)
D-Link DWR-M920 is a router for the Chinese company D-Link. 1.1.50 and previous versions of D-Link DWR-M920 1.1.50 contain a command-injecting loophole, which stems from an erroneous operation of the parameter Fota url in the file/boafrm/formLtefotaUpgradeQuttel, which could lead to an order-injection attack.
Hazard Level
High
Vulnerability Type
命令注入
Affected Vendor
友讯
Published
2025-12-29
Last Modified
2026-02-24
References
https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md https://vuldb.com/?ctiid.338577 https://www.dlink.com/ https://vuldb.com/?id.338577 https://vuldb.com/?submit.723555 https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeQuectel.md#poc https://access.redhat.com/security/cve/cve-2025-15192
Share on: