Vulnerability Description
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-615 Firmware | <= 4.10 |
| Dlink | Dir-615 | - |
Related Weaknesses (CWE)
References
- https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35ExploitThird Party Advisory
- https://vuldb.com/?ctiid.342880Permissions RequiredVDB Entry
- https://vuldb.com/?id.342880Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.737006Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
FAQ
What is CVE-2026-1448?
CVE-2026-1448 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation o...
How severe is CVE-2026-1448?
CVE-2026-1448 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1448?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-615 Firmware, Dlink Dir-615.