CVE-2025-15192 | D-Link DWR-M920 up to 1.1.50 formLtefotaUpgradeQuectel sub_415328 fota_url command injection

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability classified as critical was found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection.

This vulnerability is documented as CVE-2025-15192. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2025-15192 | D-Link DWR-M920 up to 1.1.50 formLtefotaUpgradeQuectel sub_415328 fota_url command injection

Post correlati

CVE-2025-49042 | Automattic WooCommerce Plugin up to 10.0.2 on WordPress cross site scripting

CVE-2024-29976 | Zyxel NAS326/NAS542 prior 5.21 show_allsessions privileges management

CVE-2025-1463 | javmah Spreadsheet Integration Plugin up to 3.8.2 on WordPress class-wpgsi-show.php cross-site request forgery

CVE-2025-39729 | Linux Kernel up to 6.16.0 crypto sev-dev.c __sev_platform_init_locked uninitialized pointer