CVE-2026-2163

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 versions prior to 2.15WWb02

Description A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the ssdp.cgi file. Manipulation of the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID argument can lead to command injection. This issue is remotely exploitable. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations Update to a version prior to 2.15WWb02.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

BDU:2026-02473

CVE-2026-2163

Affected Products

Dir-600M

CVE-2026-2163

Weakness Enumeration

Related Identifiers

Affected Products

References · 12