Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2025-13550— D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow

CVSS 8.8 · High EPSS 0.27% · P50
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-13550

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
D-Link DWR-M920和D-Link DIR-822K 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
D-Link DWR-M920和D-Link DIR-822K都是中国友讯(D-Link)公司的产品。D-Link DWR-M920是一款路由器。D-Link DIR-822K是一款无线路由器。 D-Link DWR-M920和D-Link DIR-822K 1.00_20250513164613/1.1.50版本存在安全漏洞,该漏洞源于文件/boafrm/formVpnConfigSetup中参数submit-url的错误操作,可能导致缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
D-LinkDIR-822K 1.00_20250513164613 -
D-LinkDWR-M920 1.00_20250513164613 -

II. Public POCs for CVE-2025-13550

#POC DescriptionSource LinkShenlong Link
AI-Generated POCVerified env Premium
Qwen3.6-35B-A3B · 8328 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2025-13550

登录查看更多情报信息。

Vendor Advisories for CVE-2025-13550 (1)

Proof of Concept for CVE-2025-13550 (1)

Vendor Pages for CVE-2025-13550 (1)

Other References for CVE-2025-13550 (1)

Same Patch Batch · D-Link · 2025-11-23 · 8 CVEs total

CVE-2025-135538.8 HIGHD-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow
CVE-2025-135528.8 HIGHD-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow
CVE-2025-135518.8 HIGHD-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow
CVE-2025-135498.8 HIGHD-Link DIR-822K formNtp sub_455524 buffer overflow
CVE-2025-135488.8 HIGHD-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
CVE-2025-135478.8 HIGHD-Link DIR-822K/DWR-M920 formDdns memory corruption
CVE-2025-135627.3 HIGHD-Link DIR-852 gena.cgi command injection

IV. Related Vulnerabilities

Same product: DIR-822K
Same vendor: D-Link
Same weakness: CWE-120

V. Comments for CVE-2025-13550

No comments yet

Leave a comment