D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection_CVE-2026-1448

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2026-1448

Source VulDB

Published Jan 26, 2026 at 23:32

Affected Product

Vendor D-Link

Product DIR-615

Version 4.0

Affected Versions D-Link DIR-615 4.0
D-Link DIR-615 4.1
D-Link DIR-615 4.2
D-Link DIR-615 4.3
D-Link DIR-615 4.4
D-Link DIR-615 4.5
D-Link DIR-615 4.6
D-Link DIR-615 4.7
D-Link DIR-615 4.8
D-Link DIR-615 4.9
D-Link DIR-615 4.10

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-01-26T23:32:08.743Z",
    "modified": "2026-01-26T23:32:08.743Z",
    "type": "cve",
    "title": "D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.342880\nhttps://vuldb.com/?ctiid.342880\nhttps://vuldb.com/?submit.737006\nhttps://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73\nhttps://www.dlink.com/",
    "id": "CVE-2026-1448",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-615 4.0\nD-Link DIR-615 4.1\nD-Link DIR-615 4.2\nD-Link DIR-615 4.3\nD-Link DIR-615 4.4\nD-Link DIR-615 4.5\nD-Link DIR-615 4.6\nD-Link DIR-615 4.7\nD-Link DIR-615 4.8\nD-Link DIR-615 4.9\nD-Link DIR-615 4.10",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-615",
    "version": "4.0",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}