PT-2026-6994 · D Link · Dir-600M

Lontan0

Publicado

2026-02-04

Atualizado

2026-02-08

CVE-2026-2163

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 versions prior to 2.15WWb02

Description A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the ssdp.cgi file. Manipulation of the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID argument can lead to command injection. This issue is remotely exploitable. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations Update to a version prior to 2.15WWb02.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

BDU:2026-02473

CVE-2026-2163

Produtos afetados

Dir-600M

PT-2026-6994 · D Link · Dir-600M

CVE-2026-2163

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12