CVE-2026-11341

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub 412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-11341

Affected Products

Dwr-M920

CVE-2026-11341

Weakness Enumeration

Related Identifiers

Affected Products

References · 7