关键漏洞信息 Title D-Link DWR-M920 V1.1.50 Command Injection Description A vulnerability has been found in D-Link DWR-M920 V1.1.50. This vulnerability can be triggered through the route /boafrn/formLtefotaUpgradeFibocom. The manipulation of the argument fota_url leads to stack overflow and command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Source https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.d User panda_0x1 (UID 87576) Submission 12/24/2025 04:54 PM (10 days ago) Moderation 12/28/2025 10:10 AM (4 days later) Status Accepted VulDB entry 238576 [D-Link DWR-M920 up to 1.1.50 formLtefotaUpgradeFibocom sub_4155B4 fota_url command injection] Points 19