CVE-2026-11341
6.3 MEDIUMA flaw has been found in D-Link DWR-M920 up to 1.1.50
Published: 2026-06-05 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-77, CWE-78
Description
A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11341
- [Other]https://github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md
- [Other]https://vuldb.com/cve/CVE-2026-11341
- [Other]https://vuldb.com/submit/832593
- [Other]https://vuldb.com/vuln/368882
- [Other]https://vuldb.com/vuln/368882/cti
- [Other]https://www.dlink.com/
Related CVEs
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-42563 — Dulwich is a pure-Python implementation of the Git file formats and protocols
- CVE-2026-0273 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrict...
- CVE-2026-6893 — A flaw was found in dracut (8.8 HIGH)
- CVE-2026-46643 — Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page