A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/QIU-DIE/CVE/issues/51 | Broken Link Issue Tracking |
| https://vuldb.com/?ctiid.343384 | Permissions Required VDB Entry |
| https://vuldb.com/?id.343384 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.740792 | Third Party Advisory VDB Entry |
| https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
20 Feb 2026, 15:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/QIU-DIE/CVE/issues/51 - Broken Link, Issue Tracking | |
| References | () https://vuldb.com/?ctiid.343384 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.343384 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.740792 - Third Party Advisory, VDB Entry | |
| References | () https://www.dlink.com/ - Product | |
| First Time |
Dlink dwr-m961
Dlink Dlink dwr-m961 Firmware |
|
| CPE | cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-m961_firmware:1.1.47:*:*:*:*:*:*:* |
29 Jan 2026, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-29 22:15
Updated : 2026-02-20 15:47
NVD link : CVE-2026-1625
Mitre link : CVE-2026-1625
CVE.ORG link : CVE-2026-1625
JSON object : View
Products Affected
dlink
- dwr-m961
- dwr-m961_firmware