CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13306

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.3%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

Products affected by CVE-2025-13306

Dlink » Dir-822k » Version: N/A

cpe:2.3:h:dlink:dir-822k:-
Dlink » Dir-825m » Version: N/A

cpe:2.3:h:dlink:dir-825m:-
Dlink » Dwr-M920 » Version: b2

cpe:2.3:h:dlink:dwr-m920:b2
Dlink » Dwr-M921 » Version: N/A

cpe:2.3:h:dlink:dwr-m921:-
Dlink » Dir-822k Firmware » Version: tk_1.00_20250513164613

cpe:2.3:o:dlink:dir-822k_firmware:tk_1.00_20250513164613
Dlink » Dir-825m Firmware » Version: 1.1.12

cpe:2.3:o:dlink:dir-825m_firmware:1.1.12
Dlink » Dwr-M920 Firmware » Version: 1.1.5

cpe:2.3:o:dlink:dwr-m920_firmware:1.1.5
Dlink » Dwr-M921 Firmware » Version: 1.1.50

cpe:2.3:o:dlink:dwr-m921_firmware:1.1.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13306

Products

Pricing

Contact Us