CVE-2026-1448
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all D-Link DIR-615 devices in your environment and isolate affected units from critical network segments if possible. Within 7 days: Implement network access controls restricting management interface access to authorized personnel only and monitor for suspicious activity on affected devices. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today