MEDIUM · 6.3

CVE-2025-13306

Vulnerability Description

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. The affected component is the function system in the file /boafrm/formDebugDiagnosticRun. Manipulating the argument host leads to command injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

Affected Products

Vendor | Product | Versions
Dlink | Dwr-M920 Firmware | 1.1.5
Dlink | Dwr-M920 | b2
Dlink | Dwr-M921 Firmware | 1.1.50
Dlink | Dwr-M921 | -
Dlink | Dir-822K Firmware | tk_1.00_20250513164613
Dlink | Dir-822K | -
Dlink | Dir-825M Firmware | 1.1.12
Dlink | Dir-825M | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-13306?

CVE-2025-13306 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of th...

How severe is CVE-2025-13306?

CVE-2025-13306 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2025-13306?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dwr-M920 Firmware, Dlink Dwr-M920, Dlink Dwr-M921 Firmware, Dlink Dwr-M921, Dlink Dir-822K Firmware.