CVE-2025-13304
Essential information
- Published
- 17/11/2025 23:15
- Modified
- 08/12/2025 14:12
- Author
- —
- Creator
- —
- CVSS
- 7.4 HIGH (v3) 7.4 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- LOW
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- HIGH
- Integrity (S)
- NONE
- Availability (V)
- HIGH
- Availability (S)
- NONE
- Exploit maturity
- PROOF_OF_CONCEPT
Description
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| dlink / dir-825m firmware | cpe:2.3:o:dlink:dir-825m_firmware:1.01.07:*:*:*:*:*:*:* |
| dlink / dir-825m firmware | cpe:2.3:o:dlink:dir-825m_firmware:1.1.47:*:*:*:*:*:*:* |
| dlink / dir-825m | cpe:2.3:h:dlink:dir-825m:-:*:*:*:*:*:*:* |
| dlink / dwr-m920 firmware | cpe:2.3:o:dlink:dwr-m920_firmware:1.01.07:*:*:*:*:*:*:* |
| dlink / dwr-m920 firmware | cpe:2.3:o:dlink:dwr-m920_firmware:1.1.47:*:*:*:*:*:*:* |
| dlink / dwr-m920 | cpe:2.3:h:dlink:dwr-m920:-:*:*:*:*:*:*:* |
| dlink / dwr-m921 firmware | cpe:2.3:o:dlink:dwr-m921_firmware:1.01.07:*:*:*:*:*:*:* |
| dlink / dwr-m921 firmware | cpe:2.3:o:dlink:dwr-m921_firmware:1.1.47:*:*:*:*:*:*:* |
| dlink / dwr-m921 | cpe:2.3:h:dlink:dwr-m921:-:*:*:*:*:*:*:* |
| dlink / dwr-m961 firmware | cpe:2.3:o:dlink:dwr-m961_firmware:1.01.07:*:*:*:*:*:*:* |
| dlink / dwr-m961 firmware | cpe:2.3:o:dlink:dwr-m961_firmware:1.1.47:*:*:*:*:*:*:* |
| dlink / dwr-m961 | cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:* |
| dlink / dwr-m960 firmware | cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:* |
| dlink / dwr-m960 firmware | cpe:2.3:o:dlink:dwr-m960_firmware:1.1.47:*:*:*:*:*:*:* |
| dlink / dwr-m960 | cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:* |