CVE-2026-2152
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all D-Link DIR-615 devices in your environment and isolate them from untrusted networks; disable remote management access if enabled. Within 7 days: Restrict web interface access to authorized administrative networks only using firewall rules; monitor router logs for suspicious configuration changes. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today