CVE-2025-13306 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M 1.1.5 formDebugDiagnosticRun system host command injection

A vulnerability was found in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. It has been classified as critical. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection.

This vulnerability is referenced as CVE-2025-13306. Remote exploitation of the attack is possible. Furthermore, an exploit is available.VulDB Recent EntriesRead More