CVE-2025-15190

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability exists in D-Link DWR-M920 routers through firmware version 1.1.50. Remote attackers can exploit this by manipulating the ip6addr parameter in the formFilter component to execute arbitrary code or cause denial of service. This affects all users of vulnerable DWR-M920 router firmware.

💻 Affected Systems

Products:
  • D-Link DWR-M920
Versions: Up to and including firmware version 1.1.50
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability is in the web interface component accessible via HTTP/HTTPS.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, network infiltration, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Remote denial of service causing router crashes and network disruption, potentially requiring physical reset.

🟢 If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exploit code is available. The vulnerability requires no authentication and is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available at time of analysis

Restart Required: Yes

Instructions:

1. Check D-Link security advisories for firmware updates.
2. Download latest firmware from official D-Link support site.
3. Upload firmware via router web interface.
4. Reboot router after update.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the vulnerable web interface

Access router admin interface > Advanced > Remote Management > Disable

Network Segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

  • Replace affected hardware with supported/patched equipment
  • Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface: Login > Status > Device Info > Firmware Version

Check Version:

curl -sk "https://<router-ip>/status_deviceinfo.htm" | grep -i firmware

Verify Fix Applied:

Verify firmware version is above 1.1.50 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to /boafrm/formFilter with long ip6addr parameters
  • Router crash/reboot logs

Network Indicators:

  • HTTP traffic to router management interface with abnormal parameter lengths
  • Port scanning targeting router IP

SIEM Query:

source="router_logs" AND ((uri="/boafrm/formFilter" AND param_length>100) OR event="device_reboot")
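
The first log indicator above, written as a check that validates ip6addr as an IPv6 address instead of relying only on a length threshold. This is an added example, not part of the original advisory: it assumes request records of (source IP, method, URL, body) exported from a proxy or IDS that captures POST bodies, and the record layout, the sample values and the allowance for a "/prefix" suffix are assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/boafrm/formFilter"  # endpoint named in the advisory
PARAM = "ip6addr"                   # parameter named in the advisory
MAX_LEN = 45 + 4  # longest textual IPv6 address plus "/128" (prefix suffix is an assumption)


def classify_ip6addr(value):
    """Return None for an empty or well-formed value, else a reason string."""
    if not value:
        return None
    if len(value) > MAX_LEN:
        return f"oversized ({len(value)} chars)"
    try:
        ipaddress.IPv6Interface(value)
    except ValueError:
        return "not a valid IPv6 address"
    return None


def scan(records):
    """records: (src_ip, method, url, body) tuples. Returns [(src_ip, reason), ...]."""
    alerts = []
    for src, method, url, body in records:
        parts = urlsplit(url)
        if method.upper() != "POST" or parts.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes, so lengths are measured on the decoded value.
        for source in (parts.query, body):
            for value in parse_qs(source, keep_blank_values=True).get(PARAM, []):
                reason = classify_ip6addr(value)
                if reason:
                    alerts.append((src, reason))
    return alerts


# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = [
    ("192.0.2.10", "POST", "/boafrm/formFilter", "ip6addr=2001%3Adb8%3A%3A1"),
    ("198.51.100.7", "POST", "/boafrm/formFilter", "ip6addr=" + "f" * 300),
    ("198.51.100.7", "POST", "/boafrm/formFilter", "ip6addr=not-an-address"),
    ("192.0.2.10", "GET", "/status_deviceinfo.htm", ""),
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE):
        print(f"ALERT {src} {TARGET_PATH} {PARAM}: {reason}")
```

Any value that fails to parse as IPv6 is flagged, so undersized malformed input is caught as well as oversized input.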
