D-Link Dwr M921
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in D-Link Dwr M921.
By the Year
In 2026 there have been 3 vulnerabilities in D-Link Dwr M921 with an average score of 6.6 out of ten. Last year, in 2025 Dwr M921 had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Dwr M921 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 1.37
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 6.60 |
| 2025 | 3 | 7.97 |
It may take a day or so for new Dwr M921 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D-Link Dwr M921 Security Vulnerabilities
D-Link DWR-M921 1.1.50 cmd inject via fota_url
CVE-2026-2169
6.3 - Medium
- February 08, 2026
A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Command Injection in D-Link DWR-M921 1.1.50 via fota_url
CVE-2026-2168
6.3 - Medium
- February 08, 2026
A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Command Injection
Command injection in D-Link DWR-M921 1.1.50 USSD Config Endpoint
CVE-2026-2085
7.2 - High
- February 07, 2026
A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Command Injection
D-Link routers 1.1.5: Cmd Injection in /boafrm/formDebugDiagnosticRun
CVE-2025-13306
6.3 - Medium
- November 17, 2025
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Command Injection
D-Link DWR-M920/M921/M960, DIR-822K/825M 1.01.07 Buffer Overflow in /boafrm/diag
CVE-2025-13305
8.8 - High
- November 17, 2025
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Classic Buffer Overflow
D-Link Router Buffer Overflow in /boafrm/formPingDiagnosticRun
CVE-2025-13304
8.8 - High
- November 17, 2025
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Classic Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for D-Link Dwr M921 or by D-Link? Click the Watch button to subscribe.
