VYPR

Dwr M920 Firmware

by Dlink

CVEs (5)

  • CVE-2026-11339MedJun 5, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is…

  • CVE-2026-10878MedJun 5, 2026
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The…

  • CVE-2025-15192MedDec 29, 2025
    risk 0.41cvss 6.3epss 0.03

    A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely.…

  • CVE-2025-15191MedDec 29, 2025
    risk 0.41cvss 6.3epss 0.03

    A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The…

  • CVE-2025-13306MedNov 18, 2025
    risk 0.41cvss 6.3epss 0.07

    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack…