Search

Find a vulnerability

Search criteria

    1758 vulnerabilities by D-link

    CVE-2026-15270 (GCVE-0-2026-15270)

    Vulnerability from nvd – Published: 2026-07-09 19:45 – Updated: 2026-07-09 19:45
    VLAI
    Title
    D-link DIR-823G Web boa.conf least privilege violation
    Summary
    A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks.
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-link DIR-823G Affected: 1.0.2B05_20181207
        cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "DIR-823G",
              "vendor": "D-link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2B05_20181207"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.1,
                "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:45:08.076Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377213 | D-link DIR-823G Web boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377213"
            },
            {
              "name": "VDB-377213 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377213/cti"
            },
            {
              "name": "CVE-2026-15270 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15270"
            },
            {
              "name": "Submit #852314 | D-link DIR823G DIR823G V1.0.2B05_20181207 Misconfiguration in DIR823G",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852314"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://app.notion.com/p/DIR823G-V1-0-2B05_20181207-37a1f5ba989080f2a043c60d2cfc7499?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T16:54:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-link DIR-823G Web boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15270",
        "datePublished": "2026-07-09T19:45:08.076Z",
        "dateReserved": "2026-07-09T14:48:56.967Z",
        "dateUpdated": "2026-07-09T19:45:08.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13545 (GCVE-0-2026-13545)

    Vulnerability from nvd – Published: 2026-06-29 07:00 – Updated: 2026-06-29 14:52
    VLAI
    Title
    D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection
    Summary
    A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-935L Affected: 1.10.01
        cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Simplicity (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13545",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T14:13:38.654821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T14:52:35.010Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "DCS-935L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Simplicity (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T07:00:11.050Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374553 | D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/374553"
            },
            {
              "name": "VDB-374553 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374553/cti"
            },
            {
              "name": "CVE-2026-13545 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13545"
            },
            {
              "name": "Submit #842589 | D-Link DCS-935L HD Wi-Fi Camera 1.10.01 CWE-78: OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842589"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Command_Injection"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T12:22:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13545",
        "datePublished": "2026-06-29T07:00:11.050Z",
        "dateReserved": "2026-06-28T10:17:07.204Z",
        "dateUpdated": "2026-06-29T14:52:35.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12174 (GCVE-0-2026-12174)

    Vulnerability from nvd – Published: 2026-06-13 20:15 – Updated: 2026-06-15 17:02
    VLAI
    Title
    D-Link DCS-935L HTTP rhea snprintf format string
    Summary
    A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-935L Affected: 1.10.01
        cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Simplicity (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12174",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T17:01:54.490504Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T17:02:00.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Handler"
              ],
              "product": "DCS-935L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Simplicity (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-13T20:15:12.362Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-370815 | D-Link DCS-935L HTTP rhea snprintf format string",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/370815"
            },
            {
              "name": "VDB-370815 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/370815/cti"
            },
            {
              "name": "CVE-2026-12174 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12174"
            },
            {
              "name": "Submit #837209 | D-Link DCS-935L HD Wi-Fi Camera 1.10.01 CWE-134: Use of Externally-Controlled Format String",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/837209"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_String"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-13T07:41:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-935L HTTP rhea snprintf format string"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12174",
        "datePublished": "2026-06-13T20:15:12.362Z",
        "dateReserved": "2026-06-13T05:36:07.097Z",
        "dateUpdated": "2026-06-15T17:02:00.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11555 (GCVE-0-2026-11555)

    Vulnerability from nvd – Published: 2026-06-08 17:45 – Updated: 2026-06-09 15:52
    VLAI
    Title
    D-Link DGS-1100-08PD Web boa.conf least privilege violation
    Summary
    A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DGS-1100-08PD Affected: 1.00.006
        cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yinfantasy (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11555",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:52:04.882283Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:52:17.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "DGS-1100-08PD",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00.006"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yinfantasy (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T17:45:13.723Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369165 | D-Link DGS-1100-08PD Web boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369165"
            },
            {
              "name": "VDB-369165 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369165/cti"
            },
            {
              "name": "CVE-2026-11555 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11555"
            },
            {
              "name": "Submit #834824 | D-link DGS-1100-08PD v1.00.006 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834824"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/D-link-DGS-1100-08PD-v1-00-006-3670ed14e5cb80848bc4e3129dfafa29?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-08T07:58:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DGS-1100-08PD Web boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11555",
        "datePublished": "2026-06-08T17:45:13.723Z",
        "dateReserved": "2026-06-08T05:53:11.594Z",
        "dateUpdated": "2026-06-09T15:52:17.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11497 (GCVE-0-2026-11497)

    Vulnerability from nvd – Published: 2026-06-08 06:30 – Updated: 2026-06-09 14:51
    VLAI
    Title
    D-Link DCS-5615 Boa Webserver boa.conf least privilege violation
    Summary
    A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-5615 Affected: 1.01.00
        cpe:2.3:h:d-link:dcs-5615:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yinfantasy (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11497",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:51:00.140535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:51:12.227Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dcs-5615:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Boa Webserver"
              ],
              "product": "DCS-5615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yinfantasy (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T06:30:10.399Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369117 | D-Link DCS-5615 Boa Webserver boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369117"
            },
            {
              "name": "VDB-369117 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369117/cti"
            },
            {
              "name": "CVE-2026-11497 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11497"
            },
            {
              "name": "Submit #834823 | D-link DCS-5615 1.01.00 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834823"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/D-link-DCS-5615_REV_1-01-00-3670ed14e5cb80e9be78f7d8dbf1e789?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T15:23:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-5615 Boa Webserver boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11497",
        "datePublished": "2026-06-08T06:30:10.399Z",
        "dateReserved": "2026-06-07T13:18:25.746Z",
        "dateUpdated": "2026-06-09T14:51:12.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11492 (GCVE-0-2026-11492)

    Vulnerability from nvd – Published: 2026-06-08 05:30 – Updated: 2026-06-08 13:00
    VLAI
    Title
    D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
    Summary
    A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-823G Affected: 1.0.2B05
        cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11492",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:00:26.469301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T13:00:43.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "vsftpd"
              ],
              "product": "DIR-823G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2B05"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T05:30:09.936Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369112 | D-Link DIR-823G vsftpd vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369112"
            },
            {
              "name": "VDB-369112 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369112/cti"
            },
            {
              "name": "CVE-2026-11492 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11492"
            },
            {
              "name": "Submit #834816 | D-Link  DIR823G V1.0.2B05_20181207 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834816"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/D-Link-DIR823G-V1-0-2B05_20181207-3671f5ba989080ac97fdc36d2fb5e57d?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T12:21:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-823G vsftpd vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11492",
        "datePublished": "2026-06-08T05:30:09.936Z",
        "dateReserved": "2026-06-07T10:16:15.110Z",
        "dateUpdated": "2026-06-08T13:00:43.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11341 (GCVE-0-2026-11341)

    Vulnerability from nvd – Published: 2026-06-05 16:45 – Updated: 2026-06-05 19:37
    VLAI
    Title
    D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
    Summary
    A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11341",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:37:05.583336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:37:29.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:45:09.150Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368882 | D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368882"
            },
            {
              "name": "VDB-368882 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368882/cti"
            },
            {
              "name": "CVE-2026-11341 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11341"
            },
            {
              "name": "Submit #832593 | D-Link DWR-M920 1.1.50 Command Injection and  Stack Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832593"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:24:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11341",
        "datePublished": "2026-06-05T16:45:09.150Z",
        "dateReserved": "2026-06-05T08:19:13.223Z",
        "dateUpdated": "2026-06-05T19:37:29.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11339 (GCVE-0-2026-11339)

    Vulnerability from nvd – Published: 2026-06-05 16:30 – Updated: 2026-06-09 14:37
    VLAI
    Title
    D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11339",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:10:32.759390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:14.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:30:11.653Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368881 | D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368881"
            },
            {
              "name": "VDB-368881 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368881/cti"
            },
            {
              "name": "CVE-2026-11339 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11339"
            },
            {
              "name": "Submit #832579 | D-Link DWR-M920 1.1.50 Code Injection and Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832579"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:23:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11339",
        "datePublished": "2026-06-05T16:30:11.653Z",
        "dateReserved": "2026-06-05T08:18:10.205Z",
        "dateUpdated": "2026-06-09T14:37:14.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10878 (GCVE-0-2026-10878)

    Vulnerability from nvd – Published: 2026-06-05 00:00 – Updated: 2026-06-05 19:28
    VLAI
    Title
    D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Affected: 1.1.70
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:27:49.229788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:28:05.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                },
                {
                  "status": "affected",
                  "version": "1.1.70"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:00:17.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368368 | D-Link DWR-M920 formSmsManage sub_41C8E8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368368"
            },
            {
              "name": "VDB-368368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368368/cti"
            },
            {
              "name": "CVE-2026-10878 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10878"
            },
            {
              "name": "Submit #832154 | D-Link DWR-M920 1.1.50,1.1.70 Command Injection and stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832154"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formSmsManage.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T17:45:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formSmsManage sub_41C8E8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10878",
        "datePublished": "2026-06-05T00:00:17.909Z",
        "dateReserved": "2026-06-04T15:40:34.401Z",
        "dateUpdated": "2026-06-05T19:28:05.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10270 (GCVE-0-2026-10270)

    Vulnerability from nvd – Published: 2026-06-01 15:30 – Updated: 2026-06-01 19:46
    VLAI
    Title
    D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow
    Summary
    A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 19.09.19A1
        cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Zheng (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10270",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T19:34:34.115670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T19:46:56.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "API"
              ],
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.09.19A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zheng (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T15:30:11.093Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367549 | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367549"
            },
            {
              "name": "VDB-367549 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367549/cti"
            },
            {
              "name": "CVE-2026-10270 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10270"
            },
            {
              "name": "Submit #825198 | D-Link DI-7001MINI-8G \u003c=19.09.19A1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/825198"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T16:18:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10270",
        "datePublished": "2026-06-01T15:30:11.093Z",
        "dateReserved": "2026-05-31T14:13:05.202Z",
        "dateUpdated": "2026-06-01T19:46:56.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10206 (GCVE-0-2026-10206)

    Vulnerability from nvd – Published: 2026-06-01 00:15 – Updated: 2026-06-01 12:07
    VLAI
    Title
    D-Link DI-8400 dbsrv.asp stack-based overflow
    Summary
    A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DI-8400 Affected: 16.07.26A1
        cpe:2.3:h:d-link:di-8400:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Zheng (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10206",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T11:55:26.990831Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T12:07:02.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:di-8400:*:*:*:*:*:*:*:*"
              ],
              "product": "DI-8400",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zheng (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T00:15:08.710Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367486 | D-Link DI-8400 dbsrv.asp stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367486"
            },
            {
              "name": "VDB-367486 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367486/cti"
            },
            {
              "name": "CVE-2026-10206 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10206"
            },
            {
              "name": "Submit #821716 | D-Link DI-8400 \u003c=v16.07.26A1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/821716"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T08:45:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-8400 dbsrv.asp stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10206",
        "datePublished": "2026-06-01T00:15:08.710Z",
        "dateReserved": "2026-05-31T06:40:45.989Z",
        "dateUpdated": "2026-06-01T12:07:02.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-25358 (GCVE-0-2018-25358)

    Vulnerability from nvd – Published: 2026-05-23 18:30 – Updated: 2026-05-26 14:14
    VLAI
    Title
    D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi
    Summary
    D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-601 Affected: 0 , ≤ 2.02 (custom)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Credits
    Richard Rogerson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25358",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:14:12.259990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T14:14:26.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-601",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.02",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Richard Rogerson"
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:41:06.672Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-45002",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/45002"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "http://ca.dlink.com/"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.packetlabs.net"
            },
            {
              "name": "Product Reference",
              "tags": [
                "product"
              ],
              "url": "http://support.dlink.ca/ProductInfo.aspx?m=DIR-601"
            },
            {
              "name": "VulnCheck Advisory: D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-dir601-2-02na-credential-disclosure-via-my-cgi-cgi"
            }
          ],
          "title": "D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25358",
        "datePublished": "2026-05-23T18:30:57.111Z",
        "dateReserved": "2026-05-23T16:48:08.746Z",
        "dateUpdated": "2026-05-26T14:14:26.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8346 (GCVE-0-2026-8346)

    Vulnerability from nvd – Published: 2026-05-11 23:15 – Updated: 2026-05-12 13:18
    VLAI
    Title
    D-Link DIR-816 portForward command injection
    Summary
    A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/362662 vdb-entrytechnical-description
    https://vuldb.com/vuln/362662/cti signaturepermissions-required
    https://vuldb.com/submit/811380 third-party-advisory
    https://github.com/lipenghai/iot_bug/blob/main/D-… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-816 Affected: 1.10CNB05_R1B011D88210
    Create a notification for this product.
    Credits
    stksgg (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8346",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:18:24.191845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:18:35.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10CNB05_R1B011D88210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "stksgg (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T23:15:13.824Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362662 | D-Link DIR-816 portForward command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362662"
            },
            {
              "name": "VDB-362662 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362662/cti"
            },
            {
              "name": "Submit #811380 | D-Link DIR816 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811380"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/3.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-11T18:29:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-816 portForward command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8346",
        "datePublished": "2026-05-11T23:15:13.824Z",
        "dateReserved": "2026-05-11T16:24:24.012Z",
        "dateUpdated": "2026-05-12T13:18:35.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8345 (GCVE-0-2026-8345)

    Vulnerability from nvd – Published: 2026-05-11 22:00 – Updated: 2026-05-12 13:20
    VLAI
    Title
    D-Link DIR-816 singlePortForward sub_445E7C command injection
    Summary
    A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/362661 vdb-entrytechnical-description
    https://vuldb.com/vuln/362661/cti signaturepermissions-required
    https://vuldb.com/submit/811379 third-party-advisory
    https://github.com/lipenghai/iot_bug/blob/main/D-… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-816 Affected: 1.10CNB05_R1B011D88210
    Create a notification for this product.
    Credits
    stksgg (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8345",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:20:05.330044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:20:15.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10CNB05_R1B011D88210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "stksgg (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:00:14.970Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362661 | D-Link DIR-816 singlePortForward sub_445E7C command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362661"
            },
            {
              "name": "VDB-362661 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362661/cti"
            },
            {
              "name": "Submit #811379 | D-Link DIR816 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811379"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/2.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-11T18:29:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-816 singlePortForward sub_445E7C command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8345",
        "datePublished": "2026-05-11T22:00:14.970Z",
        "dateReserved": "2026-05-11T16:24:21.287Z",
        "dateUpdated": "2026-05-12T13:20:15.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8344 (GCVE-0-2026-8344)

    Vulnerability from nvd – Published: 2026-05-11 21:30 – Updated: 2026-05-17 02:00
    VLAI
    Title
    D-Link DIR-816 formDMZ.cgi sub_445E7C command injection
    Summary
    A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/362660 vdb-entrytechnical-description
    https://vuldb.com/vuln/362660/cti signaturepermissions-required
    https://vuldb.com/submit/811378 third-party-advisory
    https://github.com/lipenghai/iot_bug/blob/main/D-… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-816 Affected: 1.10CNB05_R1B011D88210
        cpe:2.3:h:d-link:dir-816:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    stksgg (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8344",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:08:36.904902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:39:02.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dir-816:*:*:*:*:*:*:*:*"
              ],
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10CNB05_R1B011D88210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "stksgg (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T02:00:56.382Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362660 | D-Link DIR-816 formDMZ.cgi sub_445E7C command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362660"
            },
            {
              "name": "VDB-362660 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362660/cti"
            },
            {
              "name": "Submit #811378 | D-Link DIR 878 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811378"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/1.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-12T04:49:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-816 formDMZ.cgi sub_445E7C command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8344",
        "datePublished": "2026-05-11T21:30:12.914Z",
        "dateReserved": "2026-05-11T16:24:15.587Z",
        "dateUpdated": "2026-05-17T02:00:56.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15270 (GCVE-0-2026-15270)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:45 – Updated: 2026-07-09 19:45
    VLAI
    Title
    D-link DIR-823G Web boa.conf least privilege violation
    Summary
    A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks.
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-link DIR-823G Affected: 1.0.2B05_20181207
        cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "DIR-823G",
              "vendor": "D-link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2B05_20181207"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.1,
                "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:45:08.076Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377213 | D-link DIR-823G Web boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377213"
            },
            {
              "name": "VDB-377213 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377213/cti"
            },
            {
              "name": "CVE-2026-15270 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15270"
            },
            {
              "name": "Submit #852314 | D-link DIR823G DIR823G V1.0.2B05_20181207 Misconfiguration in DIR823G",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852314"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://app.notion.com/p/DIR823G-V1-0-2B05_20181207-37a1f5ba989080f2a043c60d2cfc7499?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T16:54:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-link DIR-823G Web boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15270",
        "datePublished": "2026-07-09T19:45:08.076Z",
        "dateReserved": "2026-07-09T14:48:56.967Z",
        "dateUpdated": "2026-07-09T19:45:08.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13545 (GCVE-0-2026-13545)

    Vulnerability from cvelistv5 – Published: 2026-06-29 07:00 – Updated: 2026-06-29 14:52
    VLAI
    Title
    D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection
    Summary
    A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-935L Affected: 1.10.01
        cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Simplicity (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13545",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T14:13:38.654821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T14:52:35.010Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "DCS-935L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Simplicity (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T07:00:11.050Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374553 | D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/374553"
            },
            {
              "name": "VDB-374553 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374553/cti"
            },
            {
              "name": "CVE-2026-13545 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13545"
            },
            {
              "name": "Submit #842589 | D-Link DCS-935L HD Wi-Fi Camera 1.10.01 CWE-78: OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842589"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Command_Injection"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T12:22:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13545",
        "datePublished": "2026-06-29T07:00:11.050Z",
        "dateReserved": "2026-06-28T10:17:07.204Z",
        "dateUpdated": "2026-06-29T14:52:35.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12174 (GCVE-0-2026-12174)

    Vulnerability from cvelistv5 – Published: 2026-06-13 20:15 – Updated: 2026-06-15 17:02
    VLAI
    Title
    D-Link DCS-935L HTTP rhea snprintf format string
    Summary
    A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-935L Affected: 1.10.01
        cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Simplicity (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12174",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T17:01:54.490504Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T17:02:00.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Handler"
              ],
              "product": "DCS-935L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Simplicity (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-13T20:15:12.362Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-370815 | D-Link DCS-935L HTTP rhea snprintf format string",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/370815"
            },
            {
              "name": "VDB-370815 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/370815/cti"
            },
            {
              "name": "CVE-2026-12174 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12174"
            },
            {
              "name": "Submit #837209 | D-Link DCS-935L HD Wi-Fi Camera 1.10.01 CWE-134: Use of Externally-Controlled Format String",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/837209"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_String"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-13T07:41:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-935L HTTP rhea snprintf format string"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12174",
        "datePublished": "2026-06-13T20:15:12.362Z",
        "dateReserved": "2026-06-13T05:36:07.097Z",
        "dateUpdated": "2026-06-15T17:02:00.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11555 (GCVE-0-2026-11555)

    Vulnerability from cvelistv5 – Published: 2026-06-08 17:45 – Updated: 2026-06-09 15:52
    VLAI
    Title
    D-Link DGS-1100-08PD Web boa.conf least privilege violation
    Summary
    A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DGS-1100-08PD Affected: 1.00.006
        cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yinfantasy (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11555",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:52:04.882283Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:52:17.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "DGS-1100-08PD",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.00.006"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yinfantasy (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T17:45:13.723Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369165 | D-Link DGS-1100-08PD Web boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369165"
            },
            {
              "name": "VDB-369165 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369165/cti"
            },
            {
              "name": "CVE-2026-11555 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11555"
            },
            {
              "name": "Submit #834824 | D-link DGS-1100-08PD v1.00.006 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834824"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/D-link-DGS-1100-08PD-v1-00-006-3670ed14e5cb80848bc4e3129dfafa29?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-08T07:58:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DGS-1100-08PD Web boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11555",
        "datePublished": "2026-06-08T17:45:13.723Z",
        "dateReserved": "2026-06-08T05:53:11.594Z",
        "dateUpdated": "2026-06-09T15:52:17.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11497 (GCVE-0-2026-11497)

    Vulnerability from cvelistv5 – Published: 2026-06-08 06:30 – Updated: 2026-06-09 14:51
    VLAI
    Title
    D-Link DCS-5615 Boa Webserver boa.conf least privilege violation
    Summary
    A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DCS-5615 Affected: 1.01.00
        cpe:2.3:h:d-link:dcs-5615:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yinfantasy (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11497",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:51:00.140535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:51:12.227Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dcs-5615:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Boa Webserver"
              ],
              "product": "DCS-5615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yinfantasy (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T06:30:10.399Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369117 | D-Link DCS-5615 Boa Webserver boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369117"
            },
            {
              "name": "VDB-369117 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369117/cti"
            },
            {
              "name": "CVE-2026-11497 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11497"
            },
            {
              "name": "Submit #834823 | D-link DCS-5615 1.01.00 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834823"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/D-link-DCS-5615_REV_1-01-00-3670ed14e5cb80e9be78f7d8dbf1e789?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T15:23:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-5615 Boa Webserver boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11497",
        "datePublished": "2026-06-08T06:30:10.399Z",
        "dateReserved": "2026-06-07T13:18:25.746Z",
        "dateUpdated": "2026-06-09T14:51:12.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11492 (GCVE-0-2026-11492)

    Vulnerability from cvelistv5 – Published: 2026-06-08 05:30 – Updated: 2026-06-08 13:00
    VLAI
    Title
    D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
    Summary
    A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DIR-823G Affected: 1.0.2B05
        cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11492",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:00:26.469301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T13:00:43.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "vsftpd"
              ],
              "product": "DIR-823G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2B05"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T05:30:09.936Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369112 | D-Link DIR-823G vsftpd vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369112"
            },
            {
              "name": "VDB-369112 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369112/cti"
            },
            {
              "name": "CVE-2026-11492 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11492"
            },
            {
              "name": "Submit #834816 | D-Link  DIR823G V1.0.2B05_20181207 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/834816"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/D-Link-DIR823G-V1-0-2B05_20181207-3671f5ba989080ac97fdc36d2fb5e57d?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T12:21:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-823G vsftpd vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11492",
        "datePublished": "2026-06-08T05:30:09.936Z",
        "dateReserved": "2026-06-07T10:16:15.110Z",
        "dateUpdated": "2026-06-08T13:00:43.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11341 (GCVE-0-2026-11341)

    Vulnerability from cvelistv5 – Published: 2026-06-05 16:45 – Updated: 2026-06-05 19:37
    VLAI
    Title
    D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
    Summary
    A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11341",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:37:05.583336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:37:29.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:45:09.150Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368882 | D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368882"
            },
            {
              "name": "VDB-368882 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368882/cti"
            },
            {
              "name": "CVE-2026-11341 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11341"
            },
            {
              "name": "Submit #832593 | D-Link DWR-M920 1.1.50 Command Injection and  Stack Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832593"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:24:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11341",
        "datePublished": "2026-06-05T16:45:09.150Z",
        "dateReserved": "2026-06-05T08:19:13.223Z",
        "dateUpdated": "2026-06-05T19:37:29.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11339 (GCVE-0-2026-11339)

    Vulnerability from cvelistv5 – Published: 2026-06-05 16:30 – Updated: 2026-06-09 14:37
    VLAI
    Title
    D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 1.1.3
    Affected: 1.1.4
    Affected: 1.1.5
    Affected: 1.1.6
    Affected: 1.1.7
    Affected: 1.1.8
    Affected: 1.1.9
    Affected: 1.1.10
    Affected: 1.1.11
    Affected: 1.1.12
    Affected: 1.1.13
    Affected: 1.1.14
    Affected: 1.1.15
    Affected: 1.1.16
    Affected: 1.1.17
    Affected: 1.1.18
    Affected: 1.1.19
    Affected: 1.1.20
    Affected: 1.1.21
    Affected: 1.1.22
    Affected: 1.1.23
    Affected: 1.1.24
    Affected: 1.1.25
    Affected: 1.1.26
    Affected: 1.1.27
    Affected: 1.1.28
    Affected: 1.1.29
    Affected: 1.1.30
    Affected: 1.1.31
    Affected: 1.1.32
    Affected: 1.1.33
    Affected: 1.1.34
    Affected: 1.1.35
    Affected: 1.1.36
    Affected: 1.1.37
    Affected: 1.1.38
    Affected: 1.1.39
    Affected: 1.1.40
    Affected: 1.1.41
    Affected: 1.1.42
    Affected: 1.1.43
    Affected: 1.1.44
    Affected: 1.1.45
    Affected: 1.1.46
    Affected: 1.1.47
    Affected: 1.1.48
    Affected: 1.1.49
    Affected: 1.1.50
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11339",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:10:32.759390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:14.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.9"
                },
                {
                  "status": "affected",
                  "version": "1.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.1.15"
                },
                {
                  "status": "affected",
                  "version": "1.1.16"
                },
                {
                  "status": "affected",
                  "version": "1.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.1.18"
                },
                {
                  "status": "affected",
                  "version": "1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.20"
                },
                {
                  "status": "affected",
                  "version": "1.1.21"
                },
                {
                  "status": "affected",
                  "version": "1.1.22"
                },
                {
                  "status": "affected",
                  "version": "1.1.23"
                },
                {
                  "status": "affected",
                  "version": "1.1.24"
                },
                {
                  "status": "affected",
                  "version": "1.1.25"
                },
                {
                  "status": "affected",
                  "version": "1.1.26"
                },
                {
                  "status": "affected",
                  "version": "1.1.27"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.1.29"
                },
                {
                  "status": "affected",
                  "version": "1.1.30"
                },
                {
                  "status": "affected",
                  "version": "1.1.31"
                },
                {
                  "status": "affected",
                  "version": "1.1.32"
                },
                {
                  "status": "affected",
                  "version": "1.1.33"
                },
                {
                  "status": "affected",
                  "version": "1.1.34"
                },
                {
                  "status": "affected",
                  "version": "1.1.35"
                },
                {
                  "status": "affected",
                  "version": "1.1.36"
                },
                {
                  "status": "affected",
                  "version": "1.1.37"
                },
                {
                  "status": "affected",
                  "version": "1.1.38"
                },
                {
                  "status": "affected",
                  "version": "1.1.39"
                },
                {
                  "status": "affected",
                  "version": "1.1.40"
                },
                {
                  "status": "affected",
                  "version": "1.1.41"
                },
                {
                  "status": "affected",
                  "version": "1.1.42"
                },
                {
                  "status": "affected",
                  "version": "1.1.43"
                },
                {
                  "status": "affected",
                  "version": "1.1.44"
                },
                {
                  "status": "affected",
                  "version": "1.1.45"
                },
                {
                  "status": "affected",
                  "version": "1.1.46"
                },
                {
                  "status": "affected",
                  "version": "1.1.47"
                },
                {
                  "status": "affected",
                  "version": "1.1.48"
                },
                {
                  "status": "affected",
                  "version": "1.1.49"
                },
                {
                  "status": "affected",
                  "version": "1.1.50"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:30:11.653Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368881 | D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368881"
            },
            {
              "name": "VDB-368881 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368881/cti"
            },
            {
              "name": "CVE-2026-11339 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11339"
            },
            {
              "name": "Submit #832579 | D-Link DWR-M920 1.1.50 Code Injection and Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832579"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-05T10:23:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11339",
        "datePublished": "2026-06-05T16:30:11.653Z",
        "dateReserved": "2026-06-05T08:18:10.205Z",
        "dateUpdated": "2026-06-09T14:37:14.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10878 (GCVE-0-2026-10878)

    Vulnerability from cvelistv5 – Published: 2026-06-05 00:00 – Updated: 2026-06-05 19:28
    VLAI
    Title
    D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
    Summary
    A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DWR-M920 Affected: 1.1.50
    Affected: 1.1.70
        cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    kkff33 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:27:49.229788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:28:05.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*"
              ],
              "product": "DWR-M920",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.50"
                },
                {
                  "status": "affected",
                  "version": "1.1.70"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "kkff33 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:00:17.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368368 | D-Link DWR-M920 formSmsManage sub_41C8E8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368368"
            },
            {
              "name": "VDB-368368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368368/cti"
            },
            {
              "name": "CVE-2026-10878 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10878"
            },
            {
              "name": "Submit #832154 | D-Link DWR-M920 1.1.50,1.1.70 Command Injection and stack overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832154"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/7u7777/Dlink/blob/DWR-M920/formSmsManage.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T17:45:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DWR-M920 formSmsManage sub_41C8E8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10878",
        "datePublished": "2026-06-05T00:00:17.909Z",
        "dateReserved": "2026-06-04T15:40:34.401Z",
        "dateUpdated": "2026-06-05T19:28:05.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10270 (GCVE-0-2026-10270)

    Vulnerability from cvelistv5 – Published: 2026-06-01 15:30 – Updated: 2026-06-01 19:46
    VLAI
    Title
    D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow
    Summary
    A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 19.09.19A1
        cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Zheng (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10270",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T19:34:34.115670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T19:46:56.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "API"
              ],
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.09.19A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zheng (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T15:30:11.093Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367549 | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367549"
            },
            {
              "name": "VDB-367549 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367549/cti"
            },
            {
              "name": "CVE-2026-10270 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10270"
            },
            {
              "name": "Submit #825198 | D-Link DI-7001MINI-8G \u003c=19.09.19A1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/825198"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T16:18:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10270",
        "datePublished": "2026-06-01T15:30:11.093Z",
        "dateReserved": "2026-05-31T14:13:05.202Z",
        "dateUpdated": "2026-06-01T19:46:56.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10206 (GCVE-0-2026-10206)

    Vulnerability from cvelistv5 – Published: 2026-06-01 00:15 – Updated: 2026-06-01 12:07
    VLAI
    Title
    D-Link DI-8400 dbsrv.asp stack-based overflow
    Summary
    A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DI-8400 Affected: 16.07.26A1
        cpe:2.3:h:d-link:di-8400:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Zheng (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10206",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T11:55:26.990831Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T12:07:02.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:di-8400:*:*:*:*:*:*:*:*"
              ],
              "product": "DI-8400",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zheng (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T00:15:08.710Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367486 | D-Link DI-8400 dbsrv.asp stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367486"
            },
            {
              "name": "VDB-367486 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367486/cti"
            },
            {
              "name": "CVE-2026-10206 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10206"
            },
            {
              "name": "Submit #821716 | D-Link DI-8400 \u003c=v16.07.26A1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/821716"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T08:45:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-8400 dbsrv.asp stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10206",
        "datePublished": "2026-06-01T00:15:08.710Z",
        "dateReserved": "2026-05-31T06:40:45.989Z",
        "dateUpdated": "2026-06-01T12:07:02.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-25358 (GCVE-0-2018-25358)

    Vulnerability from cvelistv5 – Published: 2026-05-23 18:30 – Updated: 2026-05-26 14:14
    VLAI
    Title
    D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi
    Summary
    D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-601 Affected: 0 , ≤ 2.02 (custom)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Credits
    Richard Rogerson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25358",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:14:12.259990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T14:14:26.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-601",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.02",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Richard Rogerson"
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:41:06.672Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-45002",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/45002"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "http://ca.dlink.com/"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.packetlabs.net"
            },
            {
              "name": "Product Reference",
              "tags": [
                "product"
              ],
              "url": "http://support.dlink.ca/ProductInfo.aspx?m=DIR-601"
            },
            {
              "name": "VulnCheck Advisory: D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-dir601-2-02na-credential-disclosure-via-my-cgi-cgi"
            }
          ],
          "title": "D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25358",
        "datePublished": "2026-05-23T18:30:57.111Z",
        "dateReserved": "2026-05-23T16:48:08.746Z",
        "dateUpdated": "2026-05-26T14:14:26.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8346 (GCVE-0-2026-8346)

    Vulnerability from cvelistv5 – Published: 2026-05-11 23:15 – Updated: 2026-05-12 13:18
    VLAI
    Title
    D-Link DIR-816 portForward command injection
    Summary
    A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/362662 vdb-entrytechnical-description
    https://vuldb.com/vuln/362662/cti signaturepermissions-required
    https://vuldb.com/submit/811380 third-party-advisory
    https://github.com/lipenghai/iot_bug/blob/main/D-… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-816 Affected: 1.10CNB05_R1B011D88210
    Create a notification for this product.
    Credits
    stksgg (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8346",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:18:24.191845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:18:35.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10CNB05_R1B011D88210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "stksgg (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T23:15:13.824Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362662 | D-Link DIR-816 portForward command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362662"
            },
            {
              "name": "VDB-362662 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362662/cti"
            },
            {
              "name": "Submit #811380 | D-Link DIR816 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811380"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/3.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-11T18:29:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-816 portForward command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8346",
        "datePublished": "2026-05-11T23:15:13.824Z",
        "dateReserved": "2026-05-11T16:24:24.012Z",
        "dateUpdated": "2026-05-12T13:18:35.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8345 (GCVE-0-2026-8345)

    Vulnerability from cvelistv5 – Published: 2026-05-11 22:00 – Updated: 2026-05-12 13:20
    VLAI
    Title
    D-Link DIR-816 singlePortForward sub_445E7C command injection
    Summary
    A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/362661 vdb-entrytechnical-description
    https://vuldb.com/vuln/362661/cti signaturepermissions-required
    https://vuldb.com/submit/811379 third-party-advisory
    https://github.com/lipenghai/iot_bug/blob/main/D-… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-816 Affected: 1.10CNB05_R1B011D88210
    Create a notification for this product.
    Credits
    stksgg (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8345",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:20:05.330044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:20:15.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10CNB05_R1B011D88210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "stksgg (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:00:14.970Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362661 | D-Link DIR-816 singlePortForward sub_445E7C command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362661"
            },
            {
              "name": "VDB-362661 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362661/cti"
            },
            {
              "name": "Submit #811379 | D-Link DIR816 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811379"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/2.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-11T18:29:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-816 singlePortForward sub_445E7C command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8345",
        "datePublished": "2026-05-11T22:00:14.970Z",
        "dateReserved": "2026-05-11T16:24:21.287Z",
        "dateUpdated": "2026-05-12T13:20:15.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8344 (GCVE-0-2026-8344)

    Vulnerability from cvelistv5 – Published: 2026-05-11 21:30 – Updated: 2026-05-17 02:00
    VLAI
    Title
    D-Link DIR-816 formDMZ.cgi sub_445E7C command injection
    Summary
    A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/362660 vdb-entrytechnical-description
    https://vuldb.com/vuln/362660/cti signaturepermissions-required
    https://vuldb.com/submit/811378 third-party-advisory
    https://github.com/lipenghai/iot_bug/blob/main/D-… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-816 Affected: 1.10CNB05_R1B011D88210
        cpe:2.3:h:d-link:dir-816:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    stksgg (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8344",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:08:36.904902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:39:02.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:dir-816:*:*:*:*:*:*:*:*"
              ],
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.10CNB05_R1B011D88210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "stksgg (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T02:00:56.382Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362660 | D-Link DIR-816 formDMZ.cgi sub_445E7C command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362660"
            },
            {
              "name": "VDB-362660 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362660/cti"
            },
            {
              "name": "Submit #811378 | D-Link DIR 878 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811378"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/1.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-12T04:49:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-816 formDMZ.cgi sub_445E7C command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8344",
        "datePublished": "2026-05-11T21:30:12.914Z",
        "dateReserved": "2026-05-11T16:24:15.587Z",
        "dateUpdated": "2026-05-17T02:00:56.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }