CVE-2026-2085 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dlink	Dwr-M921 Firmware	1.1.50
Dlink	Dwr-M921	-

Related Weaknesses (CWE)

CWE-74 CWE-77

References

https://github.com/LX-66-LX/cve-new/issues/1ExploitIssue Tracking
https://github.com/LX-66-LX/cve-new/issues/1#issue-3851345029ExploitIssue Tracking
https://vuldb.com/?ctiid.344652Permissions RequiredVDB Entry
https://vuldb.com/?id.344652Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.746400Third Party AdvisoryVDB Entry
https://www.dlink.com/Product

FAQ

What is CVE-2026-2085?

CVE-2026-2085 is a vulnerability with a CVSS score of 7.2 (HIGH). A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulati...

How severe is CVE-2026-2085?

CVE-2026-2085 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-2085?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dwr-M921 Firmware, Dlink Dwr-M921.