PT-2026-7027

Name of the Vulnerable Software and Affected Versions D-Link DI-7100G C1 version 24.04.18D1 Description A flaw exists in the start proxy client email function that can allow for command injection. This issue can be exploited remotely. Recommendations At the moment, there is no information about a...

PT-2026-6943

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X version 250416 related to the processing of input for the file /goform/set ac status. Manipulation of the ac ipaddr, ac ipstatus, and ap randtime arguments can lead to...

PT-2026-6979

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists in the DMZ Host Feature of the D-Link DIR-615. Specifically, the issue resides within the adv firewall.php file. Manipulation of the dmz ipaddr argument can lead to operating system command...

PT-2026-6961

Name of the Vulnerable Software and Affected Versions UTT HiPER 810 version 1.7.4-141218 Description A flaw exists in UTT HiPER 810 that allows for remote command injection. The issue is located in the sub 43F020 function within the /goform/formPdbUpConfig file. Manipulation of the policyNames...

PT-2026-6939

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the Configuration Parameter Handler component of D-Link DIR-823X version 250416. The issue stems from manipulating the terminal addr, server ip, and server port arguments within the...

PT-2026-6980

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists within the Web Configuration Interface of the D-Link DIR-615, specifically in the adv routing.php file. Manipulation of the dest ip, submask, and gw arguments can lead to os command...

PT-2026-6994

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 versions prior to 2.15WWb02 Description A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the ssdp.cgi file. Manipulation of the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID argument can lead to command...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-2061

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub424D20 of the file /goform/setipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2063

A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/setacserver of the component Web Management Interface. The manipulation of the argument acserver results in os command injection. The attack can be launched remotely. The...

CVE-2026-2085

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

CVE-2026-2085

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...

EUVD-2026-5729

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

CVE-2026-2084

CVE-2026-2084 affects D-Link DIR-823X (version 250416). A vulnerability in /goform/set_language arises from manipulating the langSelection argument, enabling OS command injection. Attack can be launched remotely and exploits are publicly available. Red Hat/NVD entries confirm the same details; PT...

CVE-2026-2082

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/setmacclone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2026-2081

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2026-2081

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2026-2082

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/setmacclone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used...