{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1625", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-29T14:49:36.915Z", "datePublished": "2026-01-29T22:02:13.222Z", "dateUpdated": "2026-02-23T09:07:33.474Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:07:33.474Z"}, "title": "D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "D-Link", "product": "DWR-M961", "versions": [{"version": "1.1.47", "status": "affected"}], "modules": ["SMS Message"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T17:25:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "hhsw34 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.343384", "name": "VDB-343384 | D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343384", "name": "VDB-343384 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.740792", "name": "Submit #740792 | D-Link DW V1.1.47 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/QIU-DIE/CVE/issues/51", "tags": ["broken-link", "exploit", "issue-tracking"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T14:37:27.485014Z", "id": "CVE-2026-1625", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:34:20.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-30T14:37:27.485014Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T14:37:31.476Z"}}], "cna": {"title": "D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection", "credits": [{"lang": "en", "type": "reporter", "value": "hhsw34 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "modules": ["SMS Message"], "product": "DWR-M961", "versions": [{"status": "affected", "version": "1.1.47"}]}], "timeline": [{"lang": "en", "time": "2026-01-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T17:25:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.343384", "name": "VDB-343384 | D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343384", "name": "VDB-343384 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.740792", "name": "Submit #740792 | D-Link DW V1.1.47 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/QIU-DIE/CVE/issues/51", "tags": ["broken-link", "exploit", "issue-tracking"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:07:33.474Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1625", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:07:33.474Z", "dateReserved": "2026-01-29T14:49:36.915Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-29T22:02:13.222Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dwr-m961_firmware:1.1.47:*:*:*:*:*:*:*", "matchCriteriaId": "9CB11C83-1AC4-402C-871A-A37460D8946D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:*", "matchCriteriaId": "17ACD8A6-3395-458B-B5C1-F8B6526D5A42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en D-Link DWR-M961 1.1.47. El elemento afectado es la funci\u00f3n sub_4250E0 del archivo /boafrm/formSmsManage del componente SMS Message. Realizar una manipulaci\u00f3n del argumento action_value resulta en inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit ya es p\u00fablico y puede ser utilizado."}], "id": "CVE-2026-1625", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-29T22:15:54.103", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link", "Issue Tracking"], "url": "https://github.com/QIU-DIE/CVE/issues/51"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.343384"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.343384"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.740792"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:16:36.570605+00:00", "value": {"mitigation_remediation": ["Upgrade the router firmware to the latest version that addresses this command\u2011injection flaw.", "If an immediate firmware update is not available, disable the SMS Message service or block access to the /boafrm/formSmsManage endpoint to eliminate the vulnerable function.", "Place the device behind a firewall and restrict management\u2011interface traffic to trusted IPs or local networks, ensuring that only authorized users can reach the web console."], "summary": {"action": "Patch", "impact": "Command Injection"}, "threat_synthesis": {"affected_systems": "Vulnerable hardware is the D\u2011Link DWR\u2011M961 router running firmware version 1.1.47. No other product versions are listed as affected in the current data.", "description_and_impact": "The flaw is in the SMS Message module of D\u2011Link DWR\u2011M961 firmware 1.1.47, specifically the sub_4250E0 function within /boafrm/formSmsManage. A crafted action_value argument can inject system commands. This allows a remote attacker to execute arbitrary commands with the privileges of the device, potentially exposing network traffic, rebooting the device, or compromising its operating system. The attack relies on insufficient input validation and the presence of a command\u2011execution trigger, which correlates with the CWE identifiers for command injection.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1\u2009% suggests a very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires remote access to the device's web interface, specifically the SMS management endpoint. An attacker can send a crafted HTTP request with a malicious action_value payload, causing the router to execute arbitrary shell commands. The absence of an official exploit mitigations in the public domain means the attack surface is driven by user interaction with the router's SMS feature."}}}}, "created": "2026-01-30T08:42:23.311510+00:00", "updated": "2026-04-18T01:30:16.028752+00:00", "vendors": ["d-link", "d-link$PRODUCT$dwr-961"]}