Sign-up

ID

VAR-202602-0357


CVE

CVE-2026-2151


TITLE

D-Link Corporation of DIR-615  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534

DESCRIPTION

A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. adv_firewall.php Affects specific parts of a file. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2151 // JVNDB: JVNDB-2026-003534

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-615scope:eqversion:4.10

Trust: 1.0

vendor:d linkmodel:dir-615scope:eqversion:dir-615 firmware 4.10

Trust: 0.8

vendor:d linkmodel:dir-615scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-615scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534 // NVD: CVE-2026-2151

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2151
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003534
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2151
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003534
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2151
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003534
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534 // NVD: CVE-2026-2151

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534 // NVD: CVE-2026-2151

PATCH

title:Submit #748031url:https://pentagonal-time-3a7.notion.site/DIR-615-OS-Command-Injection-2f6e5dd4c5a58053b2b4f166c2a503ba

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534

EXTERNAL IDS

db:NVDid:CVE-2026-2151

Trust: 2.6

db:VULDBid:344853

Trust: 1.0

db:JVNDBid:JVNDB-2026-003534

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534 // NVD: CVE-2026-2151

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://pentagonal-time-3a7.notion.site/dir-615-os-command-injection-2f6e5dd4c5a58053b2b4f166c2a503ba

Trust: 1.0

url:https://vuldb.com/?id.344853

Trust: 1.0

url:https://vuldb.com/?ctiid.344853

Trust: 1.0

url:https://vuldb.com/?submit.748031

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2151

Trust: 0.8

sources: JVNDB: JVNDB-2026-003534 // NVD: CVE-2026-2151

SOURCES

db:JVNDBid:JVNDB-2026-003534
db:NVDid:CVE-2026-2151

LAST UPDATE DATE

2026-02-15T23:46:55.189000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003534date:2026-02-13T07:58:00
db:NVDid:CVE-2026-2151date:2026-02-11T18:45:45.703

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003534date:2026-02-13T00:00:00
db:NVDid:CVE-2026-2151date:2026-02-08T12:15:52.813