CVE-2025-15193

HighPublic PoC

Published: 29 December 2025

Published

29 December 2025

Modified

30 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0012 30.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit…

is now public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents buffer overflow exploitation by validating and sanitizing the submit-url argument in the formParentControl function.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and patching of the specific buffer overflow flaw in D-Link DWR-M920 firmware up to 1.1.50.

SI-16 Memory Protection partial match

prevent

Mitigates successful exploitation of the buffer overflow through memory protections such as ASLR and non-executable memory segments.

Security SummaryAI

CVE-2025-15193 is a buffer overflow vulnerability affecting D-Link DWR-M920 routers running firmware versions up to 1.1.50. The issue resides in the function sub_423848 within the file /boafrm/formParentControl, where manipulation of the submit-url argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability enables remote exploitation by attackers who possess low privileges, such as authenticated users on the device. By crafting and submitting a malicious submit-url argument, an attacker can trigger the buffer overflow, potentially leading to arbitrary code execution, data compromise, or denial of service, given the high confidentiality, integrity, and availability impacts outlined in the CVSS vector.

References, including GitHub repositories detailing the vulnerability and a proof-of-concept exploit at https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md and https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc, as well as VulDB entries at https://vuldb.com/?ctiid.338578, https://vuldb.com/?id.338578, and https://vuldb.com/?submit.723556, confirm the exploit is public and available for use. No specific patch or mitigation details are provided in the available information.

Details

CWE(s): CWE-119 CWE-120

Affected Products

dlink

dwr-m920 firmware

≤ 1.1.50

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in the remotely accessible web interface (/boafrm/formParentControl) of the D-Link DWR-M920 router enables remote code execution, facilitating exploitation of a public-facing application.

References

https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/panda666-888/vuls/blob/main/d-link/dwr-m920/formParentControl.md#poc
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.338578
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.338578
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.723556
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com