Overview
A high-severity buffer overflow vulnerability, identified as CVE-2025-13304, has been discovered in several D-Link router models. This flaw could allow remote attackers to execute arbitrary code on affected devices. The vulnerability affects specific versions of D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M routers. Due to the public availability of exploit code, immediate action is recommended to mitigate potential risks.
Technical Details
The vulnerability resides within the `/boafrm/formPingDiagnosticRun` file of the affected D-Link router firmware. Specifically, it stems from insufficient validation of the `host` argument used in the Ping Diagnostic functionality. By manipulating this argument with an overly long string, an attacker can trigger a buffer overflow, potentially leading to code execution. The attack can be initiated remotely, making it a significant threat.
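The kind of check whose absence the paragraph above describes, as an added example: this is not D-Link firmware code and not part of the original advisory. The function names, the 253/63-byte limits (DNS name and label maximums) and the caller's destination buffer size are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_MAX  253  /* assumed cap: longest valid DNS name */
#define LABEL_MAX 63   /* assumed cap: longest valid DNS label */

/* Return 1 if host is a hostname or IPv4 literal of at most HOST_MAX bytes,
 * 0 otherwise. The length bound is enforced while scanning, so an oversized
 * argument is rejected before any copy takes place. */
int host_is_valid(const char *host)
{
    size_t i, label = 0;
    if (host == NULL)
        return 0;
    for (i = 0; host[i] != '\0'; i++) {
        unsigned char c = (unsigned char)host[i];
        if (i >= HOST_MAX)
            return 0;                 /* too long */
        if (c == '.') {
            if (label == 0)
                return 0;             /* empty label, e.g. "a..b" */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > LABEL_MAX)
                return 0;             /* label too long */
        } else {
            return 0;                 /* byte outside the hostname alphabet */
        }
    }
    return label > 0;                 /* rejects "" and a trailing dot */
}

/* Copy a validated host into a fixed-size buffer. Returns 0 on success and
 * -1 on invalid or oversized input, leaving dst as an empty string. */
int host_copy_checked(char *dst, size_t dst_size, const char *host)
{
    size_t len;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (!host_is_valid(host))
        return -1;
    len = strlen(host);               /* at most HOST_MAX after validation */
    if (len >= dst_size)
        return -1;                    /* reject rather than truncate */
    memcpy(dst, host, len + 1);       /* includes the terminating NUL */
    return 0;
}
```

A request handler would call `host_copy_checked` on the `host` form value and return an error to the client on `-1` instead of proceeding to the ping.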
Affected Products:
- D-Link DWR-M920
- D-Link DWR-M921
- D-Link DWR-M960
- D-Link DWR-M961
- D-Link DIR-825M 1.01.07/1.1.47
CVSS Analysis
CVE-2025-13304 has been assigned a Common Vulnerability Scoring System (CVSS) score of 8.8, indicating HIGH severity. This score reflects the following characteristics:
- Attack Vector: Network (AV:N) – The vulnerability can be exploited remotely over a network.
- Attack Complexity: Low (AC:L) – The attack is relatively easy to perform.
- Privileges Required: None (PR:N) – No user privileges are required to exploit the vulnerability.
- User Interaction: None (UI:N) – No user interaction is required to exploit the vulnerability.
- Scope: Unchanged (S:U) – An exploited vulnerability cannot affect resources beyond the security scope managed by the security authority.
- Confidentiality Impact: High (C:H) – There is total information disclosure, resulting in all resources within the impacted component being divulged to the attacker.
- Integrity Impact: High (I:H) – There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.
- Availability Impact: High (A:H) – There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker maintains the condition) or persistent (the condition cannot be restored).
Possible Impact
Successful exploitation of CVE-2025-13304 could have severe consequences, including:
- Remote Code Execution: Attackers could execute arbitrary code on the affected router, gaining complete control of the device.
- Data Theft: Sensitive data transmitted through the router could be compromised.
- Malware Installation: The router could be used as a platform to install malware, potentially spreading to other devices on the network.
- Denial of Service (DoS): Attackers could disable the router, disrupting network connectivity.
- Botnet Recruitment: Compromised routers could be added to botnets, used for distributed denial-of-service (DDoS) attacks or other malicious activities.
Mitigation and Patch Steps
To mitigate the risk posed by CVE-2025-13304, the following steps are recommended:
- Check Router Model and Firmware Version: Verify if your D-Link router model and firmware version are listed as affected.
- Apply Firmware Update (if available): Check the D-Link website for a firmware update that addresses this vulnerability. Apply the update as soon as it becomes available.
- Disable Remote Management: Disable remote management access to your router if it’s not essential.
- Use a Strong Password: Ensure that your router’s administrative password is strong and unique.
- Consider Network Segmentation: If possible, segment your network to limit the impact of a compromised router.
- Monitor Network Traffic: Monitor network traffic for suspicious activity that might indicate an attempted exploit.
