CVE-2026-2194
Remote Command Injection in D-Link DI-7100G start_proxy_client_email
Publication date: 2026-02-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | di-7100g_c1_firmware | 24.04.18d1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2194 is a command injection vulnerability found in the D-Link DI-7100G C1 router, version 24.04.18D1. It exists in the function start_proxy_client_email, where the device constructs system commands using input that is not properly sanitized. This allows an attacker to manipulate the input to inject and execute arbitrary commands on the device remotely.
The vulnerability arises because certain configuration parameters are incorporated into command strings without proper validation, enabling attackers to execute malicious commands when the vulnerable function is triggered.
The attack is easy to execute remotely, and a proof-of-concept exploit is publicly available.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely execute arbitrary commands on your D-Link DI-7100G router, potentially leading to full device compromise.
Such an attack can affect the confidentiality, integrity, and availability of the device, meaning sensitive data could be exposed or altered, and the device could be disrupted or controlled by the attacker.
Since the exploit is easy to perform and publicly available, the risk of exploitation is significant if the device remains unpatched or unmitigated.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a command injection flaw in the D-Link DI-7100G C1 router firmware version 24.04.18D1, specifically in the start_proxy_client_email function. Detection involves checking if the device is running the affected firmware and if the vulnerable function or configuration parameters (such as ac_mng_srv_host) can be manipulated.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves injection via NVRAM configuration parameters, you can attempt to query or inspect these parameters remotely if possible, or check for unusual command execution behavior triggered by these parameters.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the resources, but general approaches include:'}, {'type': 'list_item', 'content': "Query the router's firmware version to confirm if it is 24.04.18D1 or C1."}, {'type': 'list_item', 'content': 'Check or dump NVRAM parameters related to ac_mng_srv_host or other configuration fields that might be vulnerable to injection.'}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious commands or unexpected remote executions related to the start_proxy_client_email function.'}, {'type': 'paragraph', 'content': 'Because the exploit is remote and easy to execute, monitoring for unusual remote command execution attempts or scanning for the presence of the vulnerable firmware is recommended.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known countermeasures or mitigations available for this vulnerability.
The recommended immediate action is to replace the affected D-Link DI-7100G C1 router running firmware version 24.04.18D1 with an alternative device that is not vulnerable.
Additionally, restrict remote access to the device to prevent exploitation, and monitor network activity for signs of attack.