Sign-up

ID

VAR-202601-4142


CVE

CVE-2026-1506


TITLE

D-Link Corporation of DIR-615  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441

DESCRIPTION

A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-1506 // JVNDB: JVNDB-2026-002441

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-615scope:eqversion:4.10

Trust: 1.0

vendor:d linkmodel:dir-615scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-615scope:eqversion:dir-615 firmware 4.10

Trust: 0.8

vendor:d linkmodel:dir-615scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441 // NVD: CVE-2026-1506

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1506
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-002441
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-1506
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-002441
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1506
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-002441
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441 // NVD: CVE-2026-1506

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441 // NVD: CVE-2026-1506

PATCH

title:Dlink DIR-615 v4.10 OS Command Injectionurl:https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f50271cc7c6a

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441

EXTERNAL IDS

db:NVDid:CVE-2026-1506

Trust: 2.6

db:VULDBid:343118

Trust: 1.0

db:JVNDBid:JVNDB-2026-002441

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441 // NVD: CVE-2026-1506

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?id.343118

Trust: 1.0

url:https://pentagonal-time-3a7.notion.site/dir-615-mac_filter-2e7e5dd4c5a58091b027f50271cc7c6a

Trust: 1.0

url:https://vuldb.com/?submit.737078

Trust: 1.0

url:https://vuldb.com/?ctiid.343118

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1506

Trust: 0.8

sources: JVNDB: JVNDB-2026-002441 // NVD: CVE-2026-1506

SOURCES

db:JVNDBid:JVNDB-2026-002441
db:NVDid:CVE-2026-1506

LAST UPDATE DATE

2026-02-04T23:11:05.168000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002441date:2026-02-02T10:37:00
db:NVDid:CVE-2026-1506date:2026-01-30T21:46:35.937

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002441date:2026-02-02T00:00:00
db:NVDid:CVE-2026-1506date:2026-01-28T03:15:50.367