Sign-up

ID

VAR-202602-0401


CVE

CVE-2026-2163


TITLE

D-Link Corporation of DIR-600  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517

DESCRIPTION

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2163 // JVNDB: JVNDB-2026-003517

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-600scope:lteversion:2.15wwb02

Trust: 1.0

vendor:d linkmodel:dir-600scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-600scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-600scope:lteversion:dir-600 firmware 2.15wwb02 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517 // NVD: CVE-2026-2163

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2163
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-2163
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003517
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2163
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003517
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2163
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-2163
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-003517
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517 // NVD: CVE-2026-2163 // NVD: CVE-2026-2163

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517 // NVD: CVE-2026-2163

PATCH

title:CVE-2026-2163 D-Link DIR-600 ssdp.cgi command injection (EUVD-2026-5786)url:https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517

EXTERNAL IDS

db:NVDid:CVE-2026-2163

Trust: 2.6

db:VULDBid:344865

Trust: 1.0

db:JVNDBid:JVNDB-2026-003517

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517 // NVD: CVE-2026-2163

REFERENCES

url:https://www.dlink.com/

Trust: 1.8

url:https://github.com/lontan0/cve/blob/main/remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi%20of%20d-link%20dir%e2%80%91600.md#poc

Trust: 1.0

url:https://vuldb.com/?submit.751764

Trust: 1.0

url:https://vuldb.com/?ctiid.344865

Trust: 1.0

url:https://github.com/lontan0/cve/blob/main/remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi%20of%20d-link%20dir%e2%80%91600.md

Trust: 1.0

url:https://vuldb.com/?id.344865

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2163

Trust: 0.8

sources: JVNDB: JVNDB-2026-003517 // NVD: CVE-2026-2163

SOURCES

db:JVNDBid:JVNDB-2026-003517
db:NVDid:CVE-2026-2163

LAST UPDATE DATE

2026-02-15T23:31:27.592000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003517date:2026-02-13T07:57:00
db:NVDid:CVE-2026-2163date:2026-02-11T18:43:40.487

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003517date:2026-02-13T00:00:00
db:NVDid:CVE-2026-2163date:2026-02-08T17:15:58.210