CVE-2026-2163

Опубликовано: 08 фев. 2026

Источник: nvd

CVSS3: 4.7

CVSS3: 7.2

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md
Exploit
Third Party Advisory
https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.344865
Permissions Required
VDB Entry
https://vuldb.com/?id.344865
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.751764
Third Party Advisory
VDB Entry
https://www.dlink.com/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*

Версия до 2.15wwb02 (включая)

cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.05172

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

CWE-77

Связанные уязвимости

GHSA-gfr2-w843-rf3v

CVSS3: 4.7

github

5 месяцев назад

BDU:2026-02473

CVSS3: 7.2

fstec

5 месяцев назад

Уязвимость файла ssdp.cgi микропрограммного обеспечения маршрутизаторов D-Link DIR-600 B5, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 91%

0.05172

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

CWE-77