Sign-up

ID

VAR-202601-4019


CVE

CVE-2026-1448


TITLE

D-Link Corporation of DIR-615  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053

DESCRIPTION

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. It can be performed remotely. Exploits have been published and are available in the wild. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-1448 // JVNDB: JVNDB-2026-002053

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-615scope:lteversion:4.10

Trust: 1.0

vendor:d linkmodel:dir-615scope:lteversion:dir-615 firmware 4.10 and earlier

Trust: 0.8

vendor:d linkmodel:dir-615scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-615scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053 // NVD: CVE-2026-1448

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1448
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-002053
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-1448
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-002053
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1448
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-002053
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053 // NVD: CVE-2026-1448

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053 // NVD: CVE-2026-1448

PATCH

title:Submit #737006url:https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053

EXTERNAL IDS

db:NVDid:CVE-2026-1448

Trust: 2.6

db:VULDBid:342880

Trust: 1.0

db:JVNDBid:JVNDB-2026-002053

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053 // NVD: CVE-2026-1448

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?id.342880

Trust: 1.0

url:https://pentagonal-time-3a7.notion.site/dir-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73

Trust: 1.0

url:https://vuldb.com/?ctiid.342880

Trust: 1.0

url:https://vuldb.com/?submit.737006

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1448

Trust: 0.8

sources: JVNDB: JVNDB-2026-002053 // NVD: CVE-2026-1448

SOURCES

db:JVNDBid:JVNDB-2026-002053
db:NVDid:CVE-2026-1448

LAST UPDATE DATE

2026-01-30T23:51:15.924000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002053date:2026-01-29T06:59:00
db:NVDid:CVE-2026-1448date:2026-01-28T16:37:25.937

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002053date:2026-01-29T00:00:00
db:NVDid:CVE-2026-1448date:2026-01-27T00:15:50.573