Request a Demo
Rewterz
RedLine Stealer – Active IOCs
November 24, 2025
Rewterz
Multiple Microsoft Windows Products Vulnerabilities
November 24, 2025

Multiple D-Link Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-13547 CVSS:8.8

A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.

CVE-2025-13549 CVSS:8.8

A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

CVE-2025-13551 CVSS:8.8

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

CVE-2025-13562 CVSS:7.3

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-13553 CVSS:8.8

A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Impact

  • Gain Access
  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2025-13547

  • CVE-2025-13549

  • CVE-2025-13551

  • CVE-2025-13562

  • CVE-2025-13553

Affected Vendors

  • D-Link

Affected Products

  • D-Link DIR-822K 1.00_20250513164613
  • D-Link DIR-822K 1.1.50
  • D-Link DWR-M920 1.00_20250513164613
  • D-Link DWR-M920 1.1.50
  • D-Link DIR-852 1.00

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website