Sign-up

ID

VAR-202602-0280


CVE

CVE-2026-2152


TITLE

D-Link Corporation of DIR-615  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525

DESCRIPTION

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. Exploits are publicly available and can be exploited in the wild. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2152 // JVNDB: JVNDB-2026-003525

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-615scope:eqversion:4.10

Trust: 1.0

vendor:d linkmodel:dir-615scope:eqversion:dir-615 firmware 4.10

Trust: 0.8

vendor:d linkmodel:dir-615scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-615scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525 // NVD: CVE-2026-2152

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2152
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003525
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2152
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003525
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2152
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003525
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525 // NVD: CVE-2026-2152

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525 // NVD: CVE-2026-2152

PATCH

title:Submit #748032url:https://pentagonal-time-3a7.notion.site/DIR-615-routing-command-injection-2f6e5dd4c5a580089587f5e78a1bbf70?pvs=74

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525

EXTERNAL IDS

db:NVDid:CVE-2026-2152

Trust: 2.6

db:VULDBid:344854

Trust: 1.0

db:JVNDBid:JVNDB-2026-003525

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525 // NVD: CVE-2026-2152

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://pentagonal-time-3a7.notion.site/dir-615-routing-command-injection-2f6e5dd4c5a580089587f5e78a1bbf70?pvs=74

Trust: 1.0

url:https://vuldb.com/?id.344854

Trust: 1.0

url:https://vuldb.com/?submit.748032

Trust: 1.0

url:https://vuldb.com/?ctiid.344854

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2152

Trust: 0.8

sources: JVNDB: JVNDB-2026-003525 // NVD: CVE-2026-2152

SOURCES

db:JVNDBid:JVNDB-2026-003525
db:NVDid:CVE-2026-2152

LAST UPDATE DATE

2026-02-15T23:36:25.057000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003525date:2026-02-13T07:58:00
db:NVDid:CVE-2026-2152date:2026-02-11T18:45:20.223

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003525date:2026-02-13T00:00:00
db:NVDid:CVE-2026-2152date:2026-02-08T13:16:03.507