Sign-up

ID

VAR-202601-3982


CVE

CVE-2026-1505


TITLE

D-Link Corporation of DIR-615  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442

DESCRIPTION

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. An exploit for this vulnerability has been published and is available in the wild. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-1505 // JVNDB: JVNDB-2026-002442

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-615scope:eqversion:4.10

Trust: 1.0

vendor:d linkmodel:dir-615scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-615scope:eqversion:dir-615 firmware 4.10

Trust: 0.8

vendor:d linkmodel:dir-615scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442 // NVD: CVE-2026-1505

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1505
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-002442
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-1505
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-002442
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1505
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-002442
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442 // NVD: CVE-2026-1505

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442 // NVD: CVE-2026-1505

PATCH

title:Submit #737061url:https://pentagonal-time-3a7.notion.site/D-Link-DIR-615-2e7e5dd4c5a580109a14fdeb6f105cd6

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442

EXTERNAL IDS

db:NVDid:CVE-2026-1505

Trust: 2.6

db:VULDBid:343117

Trust: 1.0

db:JVNDBid:JVNDB-2026-002442

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442 // NVD: CVE-2026-1505

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?submit.737061

Trust: 1.0

url:https://pentagonal-time-3a7.notion.site/d-link-dir-615-2e7e5dd4c5a580109a14fdeb6f105cd6

Trust: 1.0

url:https://vuldb.com/?ctiid.343117

Trust: 1.0

url:https://vuldb.com/?id.343117

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1505

Trust: 0.8

sources: JVNDB: JVNDB-2026-002442 // NVD: CVE-2026-1505

SOURCES

db:JVNDBid:JVNDB-2026-002442
db:NVDid:CVE-2026-1505

LAST UPDATE DATE

2026-02-04T23:12:02.673000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002442date:2026-02-02T10:37:00
db:NVDid:CVE-2026-1505date:2026-01-30T21:47:30.330

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002442date:2026-02-02T00:00:00
db:NVDid:CVE-2026-1505date:2026-01-28T02:16:00.083