CVE-2026-2152
Analyzed Analyzed - Analysis Complete
OS Command Injection in D-Link DIR-615 Web Interface

Publication date: 2026-02-08

Last updated on: 2026-02-11

Assigner: VulDB

Description
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/Β submask/Β gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-08
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2152
EUVD
EUVD-2026-5797
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-615_firmware 4.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2152 is an OS command injection vulnerability found in the D-Link DIR-615 router, version 4.10, specifically in the Web Configuration Interface file adv_routing.php.

The vulnerability occurs because the input parameters for static routing settingsβ€”Destination IP, Subnet Mask, and Gateway IPβ€”are not properly sanitized before being used in backend shell commands.

An authenticated user with administrative access can inject arbitrary shell commands by including special shell characters in these fields, which are then executed with root privileges on the device.

This allows full system compromise of the affected device.

Impact Analysis

Exploitation of this vulnerability allows an attacker with administrative access to execute arbitrary OS commands on the affected router with root privileges.

This can lead to full system compromise, impacting the confidentiality, integrity, and availability of the device and potentially the network it manages.

Since the router controls network routing, an attacker could manipulate network traffic, disrupt services, or use the device as a foothold for further attacks.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the device is a D-Link DIR-615 router running firmware version 4.10 and if the Web Configuration Interface contains the adv_routing.php page.'}, {'type': 'paragraph', 'content': 'One detection method is to look for the presence of the vulnerable page using network scanning or web reconnaissance techniques, such as using Google dorking with the query "inurl:adv_routing.php" to find exposed devices.'}, {'type': 'paragraph', 'content': "Since the vulnerability requires authentication and involves manipulation of the static routing parameters (dest_ip, submask, gw), commands or scripts that attempt to inject shell metacharacters into these fields and observe the device's response could be used for detection in a controlled environment."}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the resources, but network administrators can check for devices matching the vulnerable model and firmware version and verify if the adv_routing.php interface is accessible.'}] [2]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps are limited because the affected product is no longer supported by the vendor, and no known mitigations or countermeasures have been published.'}, {'type': 'paragraph', 'content': 'It is recommended to restrict access to the Web Configuration Interface, especially the adv_routing.php page, by limiting network access to trusted administrators only.'}, {'type': 'paragraph', 'content': "Ensure that only authorized users with administrative privileges can access the device's configuration interface to prevent exploitation."}, {'type': 'paragraph', 'content': 'If possible, consider replacing or upgrading the device to a supported model or firmware version that does not contain this vulnerability.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2152. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart