D-Link DIR-822 CVE-2026-7067

Q: What is the CVSS score of CVE-2026-7067?

CVE-2026-7067 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

MEDIUM

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-04-27 cna@vuldb.com

Command Injection D-Link

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Analysis Generated

Apr 27, 2026 - 00:30 vuln.today

Analysis Generated

Apr 27, 2026 - 00:22 vuln.today

CVE Published

Apr 27, 2026 - 00:16 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Command injection in D-Link DIR-822 A_101 udhcpd DHCP service allows remote unauthenticated attackers to execute arbitrary commands via a malicious Hostname parameter in DHCP requests. The vulnerability affects an end-of-life product with publicly disclosed exploit code available, creating significant risk for organizations unable to migrate away from legacy hardware.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-4377 MEDIUM This Month

6.0 May 28

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network atta

CVE-2026-7067 vulnerability details – vuln.today

Back

D-Link DIR-822 CVE-2026-7067

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

D-Link DIR-822 CVE-2026-7067

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code