CVE-2026-4499
OS Command Injection in D-Link DIR-820LW SSDP Component
Publication date: 2026-03-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-820lw_firmware | 2.03 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability allows a remote attacker to execute arbitrary operating system commands on the affected router without any authentication or user interaction. This can lead to unauthorized control over the device, potentially allowing the attacker to disrupt network operations, steal sensitive information, or use the device as a foothold for further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in the D-Link DIR-820LW router, specifically in the 'ssdpcgi_main' function of the SSDP component. It is an OS command injection flaw that occurs because the 'HTTP_ST' environment variable is improperly handled. An attacker can exploit this by injecting arbitrary operating system commands remotely, which the device then executes. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability in the D-Link DIR-820LW router firmware version B2.03 is exploitable via the 'HTTP_ST' environment variable in the 'ssdpcgi_main' function, allowing OS command injection.

To detect this vulnerability on your network or system, you can monitor HTTP requests to the router for suspicious or malformed 'HTTP_ST' headers that may attempt command injection.

A practical approach is to use network traffic analysis tools like tcpdump or Wireshark to capture HTTP traffic to the router and filter for unusual 'HTTP_ST' header values.

Example command to capture HTTP traffic on the router's IP (replace <router_ip> with actual IP):

- tcpdump -i any host <router_ip> and tcp port 80 -A | grep HTTP_ST

Additionally, you can attempt to send crafted HTTP requests with injected commands in the 'HTTP_ST' header to test if the device is vulnerable, but only in a controlled and authorized environment. [1]
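The following is an added example, not part of the original page or D-Link's code. Under the CGI convention, HTTP_ST is the environment variable a server sets from the request's ST header, so this Python check reads ST values out of captured request text, compares them with the search-target forms UPnP defines, and flags shell metacharacters. The function names, the M-SEARCH sample and its INJECTED_MARKER text are constructed for illustration; how requests reach 'ssdpcgi_main' on this device is not stated on the page.

```python
import re

# Search-target (ST) forms defined by the UPnP Device Architecture.
VALID_ST = re.compile(
    r"(?:ssdp:all|upnp:rootdevice|uuid:[0-9A-Za-z-]+"
    r"|urn:[0-9A-Za-z.-]+:(?:device|service):[0-9A-Za-z_.-]+:\d+)"
)
# Characters a shell treats specially; none belong in a search target.
SHELL_META = re.compile(r"[;&|`$(){}<>\\'\"\s]")
# Header names are case-insensitive; a CGI server exposes "ST" as HTTP_ST.
ST_HEADER = re.compile(r"^[ \t]*ST[ \t]*:[ \t]*(.*?)[ \t]*\r?$", re.I | re.M)


def classify_st(value: str) -> str:
    """Return 'ok', 'shell-metachar' or 'malformed' for one ST value."""
    if SHELL_META.search(value):
        return "shell-metachar"
    return "ok" if VALID_ST.fullmatch(value) else "malformed"


def scan_capture(text: str) -> list[tuple[str, str]]:
    """Return (value, verdict) for every suspicious ST header in captured text."""
    findings = []
    for match in ST_HEADER.finditer(text):
        verdict = classify_st(match.group(1))
        if verdict != "ok":
            findings.append((match.group(1), verdict))
    return findings


# Constructed sample capture (not real traffic); the marker text is inert.
SAMPLE = (
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n'
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    "st: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    "ST: upnp:rootdevice;INJECTED_MARKER\r\n\r\n"
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    "ST: not-a-search-target\r\n\r\n"
)

if __name__ == "__main__":
    for value, verdict in scan_capture(SAMPLE):
        print(f"{verdict}: {value!r}")
```

The allowlist also reports values that are merely malformed, which surfaces probing that avoids the listed metacharacters.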
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps for this OS command injection vulnerability in the D-Link DIR-820LW router include:

- Restrict remote access to the router's management interface to trusted networks only.
- Disable or limit SSDP services if not required, as the vulnerability is in the SSDP component.
- Monitor network traffic for suspicious HTTP requests targeting the 'HTTP_ST' environment variable.
- Apply any available firmware updates or patches from D-Link addressing this vulnerability once released.
- If no patch is available, consider isolating the device from untrusted networks to prevent remote exploitation.

[1]