CVE-2025-13550
Severity CVSS v4.0:
HIGH
Type:
CWE-119
Buffer Errors
Publication date:
23/11/2025
Last modified:
02/12/2025
Description
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Impact
Base Score 4.0
7.40
Severity 4.0
HIGH
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dir-822k_firmware:1.00_20250513164613:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-822k:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dwr-m920_firmware:1.1.50:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dwr-m920:b2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/QIU-DIE/CVE/issues/33
- https://github.com/QIU-DIE/CVE/issues/47
- https://vuldb.com/?ctiid_333317=
- https://vuldb.com/?id_333317=
- https://vuldb.com/?submit_693777=
- https://vuldb.com/?submit_695437=
- https://www.dlink.com/
- https://github.com/QIU-DIE/CVE/issues/33
- https://github.com/QIU-DIE/CVE/issues/47