CNNVD-202512-4985 Information

Dec 29, 2025 cve

CNNVD ID

CNNVD-202512-4985

CVE-2025-15193

CNNVD Published: 2025-12-29

Description (Chinese)

D-Link DWR-M920是中国友讯（D-Link）公司的一款路由器。 D-Link DWR-M920 1.1.50及之前版本存在安全漏洞，该漏洞源于对文件/boafrm/formParentControl中参数submit-url的错误操作，可能导致缓冲区溢出攻击。

Description (English)

D-Link DWR-M920 is a router for the Chinese company D-Link. There is a security loophole in D-Link DWR-M920 1.1.50 and earlier versions, which stems from an error in the operation of the parameters submit-url in the document/boafrm/formParentControl, which could lead to an attack on the buffer zone.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

友讯

Published

2025-12-29

Last Modified

2026-02-24

References

https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc https://vuldb.com/?ctiid.338578 https://www.dlink.com/ https://vuldb.com/?submit.723556 https://vuldb.com/?id.338578 https://access.redhat.com/security/cve/cve-2025-15193

Share on: