CVE-2026-4465 — Command Injection in D-link Dir-513

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 74.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-513 Dlink Dir-513 Firmware

Timeline

PublishedMar 20

Description

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-5131.10

▶NVDdlink/dir-513_firmware1.10

🔴Vulnerability Details

CVEList

D-Link DIR-513 formSysCmd os command injection↗2026-03-20

▶

GHSA

GHSA-fwhx-w56v-j34j: A flaw has been found in D-Link DIR-513 1↗2026-03-20

▶