CVE-2026-0732Injection in D-link Di-8200g

CWE-74InjectionCWE-77Command Injection4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Di-8200gDlink Di-8200g Firmware
Timeline
PublishedJan 9
Latest updateJan 26

Description

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/di-8200g17.12.20A1
NVDdlink/di-8200g_firmware17.12.20a1

🔴Vulnerability Details

2
GHSA
GHSA-w56p-x8x5-446c: A vulnerability was found in D-Link DI-8200G 172026-01-09
CVEList
D-Link DI-8200G upgrade_filter.asp command injection2026-01-08

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-Link upgrade_filter.asp path Parameter Command Injection Attempt (CVE-2026-0732)2026-01-26
CVE-2026-0732 — Injection in D-link Di-8200g | cvebase