CVE-2026-5844
OS Command Injection in D-Link DIR-882 HNAP1 SetNetworkSettings
Publication date: 2026-04-09
Last updated on: 2026-04-30
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-882_firmware | 1.01b02 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the D-Link DIR-882 router. The flaw is in a sprintf call in the prog.cgi file, within the HNAP1 SetNetworkSettings handler component.
The issue arises from improper handling of the IPAddress argument, which allows an attacker to perform OS command injection.
This means that an attacker can remotely execute arbitrary operating system commands on the affected device by manipulating the IPAddress parameter.
The vulnerability has been publicly disclosed and proof-of-concept exploits exist.
It only affects products that are no longer supported by the manufacturer.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can execute arbitrary commands on the affected device remotely.
This can lead to full compromise of the device, including unauthorized access, control over network settings, and potential disruption of network services.
Because the device is a network router, this could allow attackers to intercept, modify, or redirect network traffic, potentially compromising the security and privacy of connected devices.
Since the affected products are no longer supported, there may be no official patches or fixes available, increasing the risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability can be approached by using proof-of-concept (PoC) scripts that emulate or demonstrate the exploitation of the command injection flaw in the D-Link DIR-882 device's HNAP1 SetNetworkSettings Handler.
Specifically, the provided resources include Python scripts such as poc_emulated.py and poc_setnetwork_cmdi.py which can be used to test if the device is vulnerable by attempting to inject commands via the IPAddress argument.
While no explicit command-line commands are provided, running these PoC scripts against the target device on the network can help detect the vulnerability.
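A passive complement to the PoC-based testing described above, as an added example that is not part of the original page or of the referenced PoC scripts: it inspects captured HNAP1 request bodies (for instance from a proxy log or packet capture) and flags any SetNetworkSettings request whose IPAddress value is not a plain IPv4 address. The `<IPAddress>` element layout, the function names and the sample bodies are assumptions constructed for illustration.

```python
import html
import ipaddress
import re

# Assumption: the argument travels as an <IPAddress> element, optionally
# namespace-prefixed. A regex is used instead of an XML parser so that
# malformed or hostile XML cannot break or stall the detector.
IP_FIELD = re.compile(
    r"<(?:\w+:)?IPAddress\b[^>]*>(.*?)</(?:\w+:)?IPAddress\s*>", re.S)
SHELL_META = set(";|&`$()<>\\'\"\n\r")

def check_ipaddress(value):
    """Return None for a strict dotted-quad IPv4 address, else a reason."""
    try:
        ipaddress.IPv4Address(value)
        return None
    except ValueError:
        meta = sorted(SHELL_META.intersection(value))
        if meta:
            return ("not an IPv4 address; shell metacharacters: "
                    + " ".join(repr(c) for c in meta))
        return "not an IPv4 address"

def inspect_request(body):
    """Return a list of findings for one captured HNAP1 request body."""
    if "SetNetworkSettings" not in body:
        return []                      # some other HNAP1 action
    findings = []
    for raw in IP_FIELD.findall(body):
        value = html.unescape(raw)     # decode &amp; and similar entities
        if not value.strip():
            continue                   # an empty field carries no payload
        reason = check_ipaddress(value)
        if reason:
            findings.append(
                {"field": "IPAddress", "value": value, "reason": reason})
    return findings

# Constructed sample bodies, not captured from a real device.
BENIGN = ("<SetNetworkSettings><IPAddress>192.168.0.1</IPAddress>"
          "</SetNetworkSettings>")
SUSPECT = ("<SetNetworkSettings><IPAddress>192.168.0.1;CONSTRUCTED"
           "</IPAddress></SetNetworkSettings>")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_request(body))
```

Any finding means the request carried something other than an address in that field and is worth investigating, whether or not the device turned out to be exploitable.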
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects devices that are no longer supported by the maintainer, which limits the availability of official patches or firmware updates.
Immediate mitigation steps include restricting remote access to the affected device, especially blocking access to the HNAP1 SetNetworkSettings Handler interface from untrusted networks.
Additionally, network administrators should consider isolating or replacing the vulnerable device with a supported model to eliminate the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.