CVE-2025-13553

HighPublic PoC

Published: 23 November 2025

Published

23 November 2025

Modified

26 November 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 33.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made…

available to the public and could be exploited.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely remediation of identified flaws, such as applying firmware updates to patch the buffer overflow in sub_41C7FC of /boafrm/formPinManageSetup.

SI-10 Information Input Validation good match

prevent

SI-10 enforces validation of inputs like the submit-url argument to prevent buffer overflows classified under CWE-119 and CWE-120.

SI-16 Memory Protection partial match

prevent

SI-16 provides memory protections such as stack canaries or ASLR to mitigate exploitation of the buffer overflow even if it occurs.

Security SummaryAI

CVE-2025-13553 is a buffer overflow vulnerability affecting the D-Link DWR-M920 router on firmware version 1.1.50. The flaw exists in the function sub_41C7FC within the file /boafrm/formPinManageSetup, where manipulation of the submit-url argument triggers the overflow, as classified under CWE-119 and CWE-120.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely over the network with low complexity and low privileges required, without user interaction. An attacker with such access could achieve high impacts on confidentiality, integrity, and availability, potentially leading to remote code execution or system compromise.

Advisories documented on VulDB (ctiid.333320, id.333320, submit.695435) describe the issue and note recent entry submission, while a GitHub repository at https://github.com/QIU-DIE/CVE/issues/45 provides a publicly available exploit. The vendor site https://www.dlink.com/ is referenced for further details, though no specific patches are outlined in the available information.

The exploit has been made public and could be exploited, highlighting the need for immediate firmware updates where available.

Details

CWE(s): CWE-119 CWE-120

Affected Products

dlink

dwr-m920 firmware

1.1.50

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote buffer overflow in web management interface (/boafrm/formPinManageSetup) enables arbitrary code execution or DoS, matching exploitation of public-facing applications as seen in similar router/IoT vulnerabilities.

References

https://github.com/QIU-DIE/CVE/issues/45
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.333320
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.333320
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.695435
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com
https://github.com/QIU-DIE/CVE/issues/45
Exploit, Issue Tracking, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0