HIGHCVE-2026-5844Published 2026-04-09Modified 2026-04-09CNA VulDB

CVE-2026-5844: D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

D-Link / DIR-882
1.01B02

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-356329 | D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection
VDB-356329 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #790290 | D-Link DIR-882 1.01B02 OS Command Injection
files.catbox.moe
dlink.com

Metrics