EUVD-2026-13800
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Analysis
An OS command injection vulnerability exists in the D-Link DIR-820LW router firmware version 2.03, specifically in the ssdpcgi_main function of the SSDP component. The vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands via manipulation of the HTTP_ST environment variable. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all DIR-820LW routers in your environment and isolate them from critical network segments; document inventory and access points. Within 7 days: Implement network-based mitigations (WAF rules blocking HTTP_ST manipulation, restricted access to SSDP ports); begin evaluation of router replacement options. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today