EUVD-2026-20855

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVE-2026-5844 D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

D-Link DIR-882 操作系统命令注入漏洞

The D-Link DIR-882 is a dual-band wireless router produced by D-Link Corporation. The D-Link DIR-882 version 1.01B02 has a vulnerability related to operating system command injection. This vulnerability stems from an error in the sprintf function in the prog.cgi file within the HNAP1...

CVE-2025-60700

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

CVE-2025-60700

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

PT-2025-46889

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

D-Link DIR-882 安全漏洞

The D-Link DIR-882 is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-882 DIR882A1FW102B02 version, which originates from a command injection in the prog.cgi and rc binaries, which could lead to the execution of arbitrary commands...

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

CVE-2025-60698

The CVE-2025-60698 issue affects D-Link DIR-882 router firmware DIR882A1_FW102B02, where SetSysLogSettings/IPAddress stored in NVRAM via nvram_safe_set can be read and concatenated into a shell command executed by twsystem() in the rc binary. The root cause is un-sanitized retrieval of nvram valu...

D-Link DIR-882 安全漏洞

The D-Link DIR-882 is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-882 DIR882A1FW102B02 version, which originates from a command injection in the prog.cgi and librcm.so binaries, which could lead to the execution of arbitrary commands...

D-Link DIR-882 安全漏洞

The D-Link DIR-882 is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-882 DIR882A1FW102B02 version, which originates from a command injection in the prog.cgi and rc binaries, which could lead to the execution of arbitrary commands...

CVE-2025-60700

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...

CVE-2025-60700

CVE-2025-60700 (D-Link DIR-882) affects DIR-882 routers running DIR882A1_FW102B02 and later?in the provided docs, the vulnerability lies in prog.cgi and librcm.so. The sub_4455BC function stores user-supplied SetDMZSettings/IPAddress values in NVRAM then DMZ_run reads them, concatenates them into...

D-Link DIR-882 安全漏洞

The D-Link DIR-882 is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-882 DIR882A1FW102B02 version, which originates from a command injection in the prog.cgi and rc binaries, which could lead to the execution of arbitrary commands...

CVE-2025-60676

The CVE-2025-60676 entry concerns the D-Link DIR-878A1 router, firmware FW101B04.bin. Technical details across multiple connected sources confirm an unauthenticated command-injection in prog.cgi SetNetworkSettings, where IPAddress and SubnetMask are directly concatenated into shell commands execu...