PT-2026-7001 · D Link · D-Link Dwr-M921
Lx-66-Lx
·
Published
2026-02-08
·
Updated
2026-02-08
·
CVE-2026-2168
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DWR-M921 version 1.1.50
Description
A flaw exists in D-Link DWR-M921 version 1.1.50 related to command injection. The issue is located in the
sub 419920 function of the /boafrm/formLtefotaUpgradeQuectel file. Manipulation of the fota url argument can lead to remote code execution. The exploit for this issue has been published.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Command Injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dwr-M921