CVE-2026-5844
Received Received - Intake
OS Command Injection in D-Link DIR-882 HNAP1 SetNetworkSettings

Publication date: 2026-04-09

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5844
EUVD
EUVD-2026-20855
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-882_firmware 1.01b02
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the D-Link DIR-882 router, specifically in the function sprintf within the prog.cgi file of the HNAP1 SetNetworkSettings Handler component.

The issue arises from improper handling of the IPAddress argument, which allows an attacker to perform OS command injection.

This means that an attacker can remotely execute arbitrary operating system commands on the affected device by manipulating the IPAddress parameter.

The vulnerability has been publicly disclosed and proof-of-concept exploits exist.

It only affects products that are no longer supported by the manufacturer.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary commands on the affected device remotely.

This can lead to full compromise of the device, including unauthorized access, control over network settings, and potential disruption of network services.

Because the device is a network router, this could allow attackers to intercept, modify, or redirect network traffic, potentially compromising the security and privacy of connected devices.

Since the affected products are no longer supported, there may be no official patches or fixes available, increasing the risk.

Detection Guidance

Detection of this vulnerability can be approached by using proof-of-concept (PoC) scripts that emulate or demonstrate the exploitation of the command injection flaw in the D-Link DIR-882 device's HNAP1 SetNetworkSettings Handler.

Specifically, the provided resources include Python scripts such as poc_emulated.py and poc_setnetwork_cmdi.py which can be used to test if the device is vulnerable by attempting to inject commands via the IPAddress argument.

While no explicit command-line commands are provided, running these PoC scripts against the target device on the network can help detect the vulnerability.

Mitigation Strategies

The vulnerability affects devices that are no longer supported by the maintainer, which limits the availability of official patches or firmware updates.

Immediate mitigation steps include restricting remote access to the affected device, especially blocking access to the HNAP1 SetNetworkSettings Handler interface from untrusted networks.

Additionally, network administrators should consider isolating or replacing the vulnerable device with a supported model to eliminate the risk of exploitation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5844. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart