CVE-2025-15191 | D-Link DWR-M920 up to 1.1.50 formLtefotaUpgradeFibocom sub_4155B4 fota_url command injection

Uncategorized
Yanac

A vulnerability classified as critical has been found in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection.

This vulnerability is registered as CVE-2025-15191. Remote exploitation of the attack is possible. Furthermore, an exploit is available.VulDB Recent EntriesRead More