Executive Summary

CVE-2026-2194 is a command injection vulnerability found in the D-Link DI-7100G C1 router, version 24.04.18D1. It exists in the function start_proxy_client_email, where the device constructs system commands using input that is not properly sanitized. This allows an attacker to manipulate the input to inject and execute arbitrary commands on the device remotely.

The vulnerability arises because certain configuration parameters are incorporated into command strings without proper validation, enabling attackers to execute malicious commands when the vulnerable function is triggered.

The attack is easy to execute remotely, and a proof-of-concept exploit is publicly available.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker to remotely execute arbitrary commands on your D-Link DI-7100G router, potentially leading to full device compromise.

Such an attack can affect the confidentiality, integrity, and availability of the device, meaning sensitive data could be exposed or altered, and the device could be disrupted or controlled by the attacker.

Since the exploit is easy to perform and publicly available, the risk of exploitation is significant if the device remains unpatched or unmitigated.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a command injection flaw in the D-Link DI-7100G C1 router firmware version 24.04.18D1, specifically in the start_proxy_client_email function. Detection involves checking if the device is running the affected firmware and if the vulnerable function or configuration parameters (such as ac_mng_srv_host) can be manipulated.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves injection via NVRAM configuration parameters, you can attempt to query or inspect these parameters remotely if possible, or check for unusual command execution behavior triggered by these parameters.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the resources, but general approaches include:'}, {'type': 'list_item', 'content': "Query the router's firmware version to confirm if it is 24.04.18D1 or C1."}, {'type': 'list_item', 'content': 'Check or dump NVRAM parameters related to ac_mng_srv_host or other configuration fields that might be vulnerable to injection.'}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious commands or unexpected remote executions related to the start_proxy_client_email function.'}, {'type': 'paragraph', 'content': 'Because the exploit is remote and easy to execute, monitoring for unusual remote command execution attempts or scanning for the presence of the vulnerable firmware is recommended.'}] [1, 3]

Useful 0 Not Useful 0

Mitigation Strategies

Currently, there are no known countermeasures or mitigations available for this vulnerability.

The recommended immediate action is to replace the affected D-Link DI-7100G C1 router running firmware version 24.04.18D1 with an alternative device that is not vulnerable.

Additionally, restrict remote access to the device to prevent exploitation, and monitor network activity for signs of attack.

Useful 0 Not Useful 0