December 10, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
RedLine Stealer – Active IOCs
November 24, 2025Multiple Microsoft Windows Products Vulnerabilities
November 24, 2025RedLine Stealer – Active IOCs
November 24, 2025Multiple Microsoft Windows Products Vulnerabilities
November 24, 2025
Severity
High
Analysis Summary
CVE-2025-13547 CVSS:8.8
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2025-13549 CVSS:8.8
A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2025-13551 CVSS:8.8
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2025-13562 CVSS:7.3
A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13553 CVSS:8.8
A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Impact
- Gain Access
- Buffer Overflow
Indicators of Compromise
CVE
CVE-2025-13547
CVE-2025-13549
CVE-2025-13551
CVE-2025-13562
CVE-2025-13553
Affected Vendors
- D-Link
Affected Products
- D-Link DIR-822K 1.00_20250513164613
- D-Link DIR-822K 1.1.50
- D-Link DWR-M920 1.00_20250513164613
- D-Link DWR-M920 1.1.50
- D-Link DIR-852 1.00
Remediation
Refer to D-Link Website for patch, upgrade, or suggested workaround information.