Critical Vulnerability Information Title D-Link DWR-M920 V1.1.50 Command Injection Description A vulnerability has been identified in D-Link DWR-M920 V1.1.50. This vulnerability can be triggered via the route /boafrn/formLtefotaUpgradeFibocom. Manipulation of the argument results in a stack overflow and command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be actively exploited. Source https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formLtefotaUpgradeFibocom.d User panda_0x1 (UID 87576) Submission 12/24/2025 04:54 PM (10 days ago) Moderation 12/28/2025 10:10 AM (4 days later) Status Accepted VulDB entry 238576 [D-Link DWR-M920 up to 1.1.50 formLtefotaUpgradeFibocom sub_4155B4 fota_url command injection] Points 19