CVE-2026-2193

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DI-7100G C1 version 24.04.18D1

Description A flaw exists in the set jhttpd info function that allows for command injection. Manipulating the usb username argument can lead to remote exploitation.

Recommendations Apply updates to address the issue in the set jhttpd info function. As a temporary workaround, restrict or disable the use of the usb username argument.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

BDU:2026-02477

CVE-2026-2193

Affected Products

Di-7100G

CVE-2026-2193

Weakness Enumeration

Related Identifiers

Affected Products

References · 11