D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2026-5844

Source VulDB

Published Apr 9, 2026 at 04:45

Modified Apr 9, 2026 at 12:41

Affected Product

Vendor D-Link

Product DIR-882

Version 1.01B02

Affected Versions D-Link DIR-882 1.01B02

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-04-09T04:45:13.697Z",
    "modified": "2026-04-09T12:41:29.493Z",
    "type": "cve",
    "title": "D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356329\nhttps://vuldb.com/vuln/356329/cti\nhttps://vuldb.com/submit/790290\nhttps://files.catbox.moe/ei31k1.zip\nhttps://www.dlink.com/",
    "id": "CVE-2026-5844",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-882 1.01B02",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-882",
    "version": "1.01B02",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection_CVE-2026-5844