CVE-2026-1448

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

7.3HIGH

EPSS

0.5%

top 34.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-615 Firmware D-link Dir-615

Timeline

PublishedJan 27

Description

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dir-615_firmware4.10

▶CVEListV5d-link/dir-61511 versions+10

🔴Vulnerability Details

GHSA

GHSA-346m-7r2c-vvh9: A vulnerability was detected in D-Link DIR-615 up to 4↗2026-01-27

▶

CVEList

D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection↗2026-01-26

▶