Home

Description

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-02-07 | Published 2026-02-08 | Updated 2026-02-09 | Assigner VulDB




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 4.7CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.8AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Command Injection

Injection

Product status

2.15WWb02
affected

Timeline

2026-02-07:Advisory disclosed
2026-02-07:VulDB entry created
2026-02-07:VulDB entry last update

Credits

LonTan0 (VulDB User) reporter

References

vuldb.com/?id.344865 (VDB-344865 | D-Link DIR-600 ssdp.cgi command injection) vdb-entry technical-description

vuldb.com/?ctiid.344865 (VDB-344865 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.751764 (Submit #751764 | D-Link D-Link DIR-600 v2.15WWb02 Remote Arbitrary Command Execution) third-party-advisory

github.com/...ulnerability in ssdpcgi of D-Link DIR‑600.md related

github.com/...ulnerability in ssdpcgi of D-Link DIR‑600.md exploit

www.dlink.com/ product

cve.org (CVE-2026-2163)

nvd.nist.gov (CVE-2026-2163)

Download JSON