CVE-2026-1448

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 versions up to 4.10

Description A flaw exists in the Web Management Interface component of D-Link DIR-615. Specifically, a manipulation of the ipaddr argument in the /wiz policy 3 machine.php file can lead to os command injection. This allows for remote attacks. The exploit is publicly available. This issue affects products that are no longer supported by the maintainer.

Recommendations Versions prior to 4.10 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.