CVE-2025-13305 - Vulnerability Details

- D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow

Description

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

Published: 2025-11-17

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DWR-M920

affected

Version	Status	Constraints
`1.01.07`	affected	—

D-Link

DWR-M921

affected

Version	Status	Constraints
`1.01.07`	affected	—

D-Link

DWR-M960

affected

Version	Status	Constraints
`1.01.07`	affected	—

D-Link

DIR-822K

affected

Version	Status	Constraints
`1.01.07`	affected	—

D-Link

DIR-825M

affected

Version	Status	Constraints
`1.01.07`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-825m_firmware:1.01.07:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-825m:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dwr-m920_firmware:1.01.07:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dwr-m920:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dlink:dwr-m921_firmware:1.01.07:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dwr-m921:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dlink:dwr-m961_firmware:1.01.07:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
D-link	Dir-822	—	—
D-link	Dir-825	—	—
D-link	Dwr-920	—	—
D-link	Dwr-921	—	—
D-link	Dwr-960	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00594.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/LX-LX88/cve/issues/12
https://vuldb.com/?ctiid.332645
https://vuldb.com/?id.332645
https://vuldb.com/?submit.691809
https://vuldb.com/?submit.691816
https://vuldb.com/?submit.693784
https://vuldb.com/?submit.693806
https://vuldb.com/?submit.695424
https://www.dlink.com/

History

Mon, 08 Dec 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-825m Dlink dir-825m Firmware Dlink dwr-m920 Dlink dwr-m920 Firmware Dlink dwr-m921 Dlink dwr-m921 Firmware Dlink dwr-m960 Dlink dwr-m960 Firmware Dlink dwr-m961 Dlink dwr-m961 Firmware
CPEs		cpe:2.3:h:dlink:dir-825m:-:::::::* cpe:2.3:h:dlink:dwr-m920:-:::::::* cpe:2.3:h:dlink:dwr-m921:-:::::::* cpe:2.3:h:dlink:dwr-m960:b1:::::::* cpe:2.3:h:dlink:dwr-m961:-:::::::* cpe:2.3:o:dlink:dir-825m_firmware:1.01.07:::::::* cpe:2.3:o:dlink:dwr-m920_firmware:1.01.07:::::::* cpe:2.3:o:dlink:dwr-m921_firmware:1.01.07:::::::* cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:::::::* cpe:2.3:o:dlink:dwr-m961_firmware:1.01.07:::::::*
Vendors & Products		Dlink Dlink dir-825m Dlink dir-825m Firmware Dlink dwr-m920 Dlink dwr-m920 Firmware Dlink dwr-m921 Dlink dwr-m921 Firmware Dlink dwr-m960 Dlink dwr-m960 Firmware Dlink dwr-m961 Dlink dwr-m961 Firmware

Tue, 18 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 18 Nov 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-822 D-link dir-825 D-link dwr-920 D-link dwr-921 D-link dwr-960
Vendors & Products		D-link D-link dir-822 D-link dir-825 D-link dwr-920 D-link dwr-921 D-link dwr-960

Mon, 17 Nov 2025 23:15:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Title		D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/LX-LX88/cve/issues/12 https://vuldb.com/?ctiid.332645 https://vuldb.com/?id.332645 https://vuldb.com/?submit.691809 https://vuldb.com/?submit.691816 https://vuldb.com/?submit.693784 https://vuldb.com/?submit.693806 https://vuldb.com/?submit.695424 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-822 Dir-825 Dwr-920 Dwr-921 Dwr-960

Dlink Dir-825m Dir-825m Firmware Dwr-m920 Dwr-m920 Firmware Dwr-m921 Dwr-m921 Firmware Dwr-m960 Dwr-m960 Firmware Dwr-m961 Dwr-m961 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-11-17T23:02:06.147Z

Updated: 2025-11-18T14:41:07.089Z

Reserved: 2025-11-17T14:12:10.254Z

Link: CVE-2025-13305

Vulnrichment

Updated: 2025-11-18T14:41:01.172Z

NVD

Status : Analyzed

Published: 2025-11-17T23:15:49.183

Modified: 2025-12-08T14:35:13.063

Link: CVE-2025-13305

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-18T09:05:48Z

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object