D-Link DIR-822K and DWR-M920, Buffer Overflow, CVE-2025-13548 (Critical)


CVE-2025-13548 is a remote buffer overflow in D-Link DIR-822K and DWR-M920 routers running firmware version 1.00_20250513164613/1.1.50. The flaw is in the web interface handler /boafrm/formFirewallAdv, which processes firewall configuration. When an HTTP POST request reaches this endpoint, the `submit-url` parameter is processed without proper length validation: the firmware copies the user-supplied value into a fixed-size stack buffer using unsafe string functions such as strcpy or strcat. A request carrying an excessively long `submit-url` value exceeds the buffer's capacity and overwrites adjacent stack memory, including critical data such as the function return address. By controlling the overflow content precisely, an attacker can redirect execution to shellcode embedded in the request. The routers likely lack mitigations such as stack canaries or ASLR, which makes exploitation straightforward. A remote, unauthenticated attacker can trigger the flaw with a single network request and potentially gain arbitrary code execution, leading to full device compromise: configuration changes, traffic interception, or enrollment in a botnet. A public exploit is available, which raises the risk of widespread attacks.
Platform: D-Link routers
Version: 1.00_20250513164613/1.1.50
Vulnerability: Buffer overflow
Severity: Critical
Date: 11/23/2025

Prediction: Patch by Q1 2026

What Undercode Says:

Analytics:

curl -v http://192.168.0.1/boafrm/formFirewallAdv

nmap -p80 --script http-vuln-cve2025-13548

python3 exploit.py --target

How to Exploit:

POST /boafrm/formFirewallAdv HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
Content-Length:

submit-url=

Protection from this CVE

Update firmware immediately.

Disable WAN access.

Use network segmentation.
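To make the description above concrete from the defender's side, here is an added C illustration (not D-Link's firmware code, and not the public exploit). It shows the handler shape the advisory describes (an unchecked copy of the `submit-url` field into a fixed stack buffer), the hardened form that bounds the copy and rejects overlong values, and a request-screening helper of the kind a WAF or IDS rule in front of the router would use. Only the endpoint path and the `submit-url` field name come from the advisory; the 64-byte buffer size, the other form fields, the sample bodies and every function name are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not D-Link's firmware code. Only the endpoint and the
 * "submit-url" field name come from the advisory; the 64-byte buffer, the
 * other form fields and the function names are assumptions. */
#define URL_BUF_SIZE 64

/* Locate one field in an application/x-www-form-urlencoded body. Returns a
 * pointer to the value inside body and its length via *len, or NULL. */
static const char *form_field(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p)
            p++;
    }
    return NULL;
}

/* The pattern the advisory describes: the field is copied into a fixed stack
 * buffer with no check that it fits. Kept only for contrast with the
 * hardened handler below; never feed it untrusted input. */
int handle_firewall_adv_unsafe(const char *body)
{
    char url[URL_BUF_SIZE];
    size_t len = 0;
    const char *v = form_field(body, "submit-url", &len);
    if (!v)
        return -1;
    memcpy(url, v, len);      /* len is never compared with URL_BUF_SIZE */
    url[len] = '\0';
    return 0;
}

/* Hardened handler: bound the copy by the destination size and refuse the
 * request when the field would not fit (leaving room for the terminator).
 * Returns 0 on success, -1 if the field is missing, -2 if it is too long. */
int handle_firewall_adv_safe(const char *body, char *out, size_t out_size)
{
    size_t len = 0;
    const char *v = form_field(body, "submit-url", &len);
    if (!v)
        return -1;
    if (len >= out_size)
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Monitoring helper for a WAF or IDS rule in front of the router: 1 if a
 * POST to the affected endpoint carries a submit-url longer than limit
 * bytes, else 0. */
int firewall_adv_request_suspicious(const char *method, const char *path,
                                    const char *body, size_t limit)
{
    size_t len = 0;
    if (strcmp(method, "POST") != 0 ||
        strcmp(path, "/boafrm/formFirewallAdv") != 0)
        return 0;
    return form_field(body, "submit-url", &len) != NULL && len > limit;
}

/* Constructed sample body for a legitimate-looking request. */
const char SAMPLE_BODY_OK[] = "enable=1&submit-url=/firewall.htm&apply=1";

/* Fill dst with "submit-url=" followed by n filler bytes (constructed
 * overlong input for testing the bounds check); returns dst. */
char *build_overlong_body(char *dst, size_t dst_size, size_t n)
{
    const char prefix[] = "submit-url=";
    size_t plen = sizeof prefix - 1;
    if (dst_size < plen + n + 1)
        n = dst_size - plen - 1;
    memcpy(dst, prefix, plen);
    memset(dst + plen, 'A', n);
    dst[plen + n] = '\0';
    return dst;
}

int main(void)
{
    char out[URL_BUF_SIZE];
    char big[512];
    build_overlong_body(big, sizeof big, 300);
    printf("ok body   -> %d\n", handle_firewall_adv_safe(SAMPLE_BODY_OK, out, sizeof out));
    printf("long body -> %d\n", handle_firewall_adv_safe(big, out, sizeof out));
    printf("flagged   -> %d\n", firewall_adv_request_suspicious(
               "POST", "/boafrm/formFirewallAdv", big, URL_BUF_SIZE - 1));
    return 0;
}
```

The hardened handler fails closed: a missing field and an overlong field are both rejected before any copy happens, so the buffer size becomes an explicit input to the check rather than an implicit assumption. The screening helper uses the same parser, which is why the threshold passed to it should match the real buffer size of the firmware build being protected once that is known.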

Impact:

Remote code execution.

Device compromise.

Botnet recruitment.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
