CVE-2025-15191: Command Injection in D-Link DWR-M920
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVE-2025-15191: Command Injection in D-Link DWR-M920
Description
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-12-28T09:10:09.118Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69528d1e71a94549f126ddff
Added to database: 12/29/2025, 2:15:58 PM
Last updated: 12/29/2025, 2:16:06 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-57460: n/a
UnknownCVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920
HighCVE-2025-15189: Buffer Overflow in D-Link DWR-M920
HighCVE-2025-15188: Cross Site Scripting in Campcodes Complete Online Beauty Parlor Management System
MediumCVE-2025-15156: NULL Pointer Dereference in omec-project UPF
MediumActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.