CVE-2026-2152
OS Command Injection in D-Link DIR-615 Web Interface
Publication date: 2026-02-08
Last updated on: 2026-02-11
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-615_firmware | 4.10 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2152 is an OS command injection vulnerability found in the D-Link DIR-615 router, version 4.10, specifically in the Web Configuration Interface file adv_routing.php.
The vulnerability occurs because the input parameters for static routing settings (Destination IP, Subnet Mask, and Gateway IP) are not properly sanitized before being used in backend shell commands.
An authenticated user with administrative access can inject arbitrary shell commands by including special shell characters in these fields, which are then executed with root privileges on the device.
This allows full system compromise of the affected device.
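The flaw class described above and a hardened counterpart, as an added example in Python for illustration (not code from the DIR-615 firmware or from the advisory). The `route add` command shape and every function name are assumptions; only the field names dest_ip, submask and gw come from this page.

```python
import ipaddress

# Hypothetical names throughout. Assumption: the backend installs the route with a
# command shaped like `route add -net <dest> netmask <mask> gw <gw>`; the firmware's
# real command line is not shown on the page.
SAMPLE = ("10.0.0.0;echo constructed", "255.255.255.0", "192.168.0.1")  # constructed input

def unsafe_route_command(dest_ip, submask, gw):
    """The flawed pattern: form fields pasted into a string that a shell will parse."""
    return "route add -net " + dest_ip + " netmask " + submask + " gw " + gw

def parse_ipv4(field, value):
    """Return an IPv4Address only for a canonical dotted quad, else raise ValueError."""
    try:
        addr = ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        raise ValueError(f"{field}: not an IPv4 address") from None
    # Rejects leading zeros, integers, bytes and any other non-canonical spelling.
    if str(addr) != value:
        raise ValueError(f"{field}: not in canonical form")
    return addr

def parse_netmask(field, value):
    """A netmask must also be contiguous one bits followed by zero bits."""
    mask = parse_ipv4(field, value)
    inverted = int(mask) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{field}: non-contiguous netmask")
    return mask

def build_route_argv(dest_ip, submask, gw):
    """Validate all three fields, then return an argument vector (no shell involved)."""
    dest = parse_ipv4("dest_ip", dest_ip)
    mask = parse_netmask("submask", submask)
    gateway = parse_ipv4("gw", gw)
    # Each value is one argv element, meant for subprocess.run(argv) without
    # shell=True, so no shell ever re-parses the field contents.
    return ["route", "add", "-net", str(dest), "netmask", str(mask), "gw", str(gateway)]

def is_rejected(dest_ip, submask, gw):
    """True when validation refuses the request before any command is built."""
    try:
        build_route_argv(dest_ip, submask, gw)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(unsafe_route_command(*SAMPLE))  # one string, shell sees a separator
    print(is_rejected(*SAMPLE), build_route_argv("10.0.0.0", "255.255.255.0", "192.168.0.1"))
```

Allow-list parsing and shell-free execution are independent layers: either one alone blocks the constructed input, and together they remove the reliance on escaping.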
How can this vulnerability impact me?
Exploitation of this vulnerability allows an attacker with administrative access to execute arbitrary OS commands on the affected router with root privileges.
This can lead to full system compromise, impacting the confidentiality, integrity, and availability of the device and potentially the network it manages.
Since the router controls network routing, an attacker could manipulate network traffic, disrupt services, or use the device as a foothold for further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the device is a D-Link DIR-615 router running firmware version 4.10 and if the Web Configuration Interface contains the adv_routing.php page.
One detection method is to look for the presence of the vulnerable page using network scanning or web reconnaissance techniques, such as using Google dorking with the query "inurl:adv_routing.php" to find exposed devices.
Since the vulnerability requires authentication and involves manipulation of the static routing parameters (dest_ip, submask, gw), commands or scripts that attempt to inject shell metacharacters into these fields and observe the device's response could be used for detection in a controlled environment.
No specific detection commands are provided in the resources, but network administrators can check for devices matching the vulnerable model and firmware version and verify if the adv_routing.php interface is accessible. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are limited because the affected product is no longer supported by the vendor, and no known mitigations or countermeasures have been published.
It is recommended to restrict access to the Web Configuration Interface, especially the adv_routing.php page, by limiting network access to trusted administrators only.
Ensure that only authorized users with administrative privileges can access the device's configuration interface to prevent exploitation.
If possible, consider replacing or upgrading the device to a supported model or firmware version that does not contain this vulnerability. [2]