ByteOS Network

CVE Vulnerability Details :

CVE-2025-13552

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-23 Nov, 2025 | 13:32

Updated At-24 Nov, 2025 | 16:23

▼CVE Numbering Authority (CNA)

D-Link DIR-822K/DWR-M920 formWlEncrypt buffer overflow

A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

Affected Products

Vendor

D-Link Corporation

Product

DIR-822K

Versions

Affected

1.00_20250513164613
1.1.50

Vendor

D-Link Corporation

Product

DWR-M920

Versions

Affected

1.00_20250513164613
1.1.50

Problem Types

Type	CWE ID	Description
CWE	CWE-120	Buffer Overflow
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-120

Description: Buffer Overflow

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.0	9.0	N/A	AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Version: 3.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Version: 2.0

Base score: 9.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Credits

reporter

hhsw34 (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-11-22 00:00:00
VulDB entry created	2025-11-22 01:00:00
VulDB entry last update	2025-11-22 16:17:49

Event: Advisory disclosed

Date: 2025-11-22 00:00:00

Event: VulDB entry created

Date: 2025-11-22 01:00:00

Event: VulDB entry last update

Date: 2025-11-22 16:17:49

References

Hyperlink	Resource
https://vuldb.com/?id.333319	vdb-entry technical-description
https://vuldb.com/?ctiid.333319	signature permissions-required
https://vuldb.com/?submit.693803	third-party-advisory
https://vuldb.com/?submit.695434	third-party-advisory
https://github.com/QIU-DIE/CVE/issues/36	issue-tracking
https://github.com/QIU-DIE/CVE/issues/44	exploit issue-tracking
https://www.dlink.com/	product

Hyperlink: https://vuldb.com/?id.333319

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.333319

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.693803

Resource:

third-party-advisory

Hyperlink: https://vuldb.com/?submit.695434

Resource:

third-party-advisory

Hyperlink: https://github.com/QIU-DIE/CVE/issues/36

Resource:

issue-tracking

Hyperlink: https://github.com/QIU-DIE/CVE/issues/44

Resource:

exploit

issue-tracking

Hyperlink: https://www.dlink.com/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://github.com/QIU-DIE/CVE/issues/44	exploit
https://github.com/QIU-DIE/CVE/issues/36	exploit

Hyperlink: https://github.com/QIU-DIE/CVE/issues/44

Resource:

exploit

Hyperlink: https://github.com/QIU-DIE/CVE/issues/36

Resource:

exploit

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References