CVE-2025-15192
Unknown Unknown - Not Provided
Remote Command Injection in D-Link DWR-M920 LTE Firmware

Publication date: 2025-12-29

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-29
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2025-12-29
EPSS Evaluated
2026-05-05
NVD
CVE-2025-15192
EUVD
EUVD-2025-205580
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
d-link dwr-m920 1.1.50
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a command injection issue in the D-Link DWR-M920 device up to version 1.1.50. It occurs in the function sub_415328 within the file /boafrm/formLtefotaUpgradeQuectel. By manipulating the argument fota_url, an attacker can inject and execute arbitrary commands remotely on the device.


How can this vulnerability impact me? :

The vulnerability allows remote attackers to execute arbitrary commands on the affected device, potentially leading to unauthorized control, data compromise, or disruption of device functionality.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP requests to the endpoint /boafrm/formLtefotaUpgradeQuectel, specifically looking for suspicious or malformed fota_url parameter values that may indicate command injection attempts. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such patterns. Additionally, you can use curl or wget commands to test the endpoint for command injection by sending crafted payloads in the fota_url parameter. For example: curl -X POST 'http://<router-ip>/boafrm/formLtefotaUpgradeQuectel' -d 'fota_url=;id' to check if command execution is possible. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing or upgrading the affected D-Link DWR-M920 router firmware to a version beyond 1.1.50 if available, or discontinuing use of the affected device to avoid exploitation. Since no known countermeasures or patches are documented, restricting remote access to the device, disabling remote management features, and implementing network-level protections such as firewalls to block access to the vulnerable endpoint can help reduce risk. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart