Vulnerability Description
A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-600 Firmware | <= 2.15wwb02 |
| Dlink | Dir-600 | - |
Related Weaknesses (CWE)
References
- https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20ExecutioExploitThird Party Advisory
- https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20ExecutioExploitThird Party Advisory
- https://vuldb.com/?ctiid.344865Permissions RequiredVDB Entry
- https://vuldb.com/?id.344865Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.751764Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
FAQ
What is CVE-2026-2163?
CVE-2026-2163 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER...
How severe is CVE-2026-2163?
CVE-2026-2163 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2163?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-600 Firmware, Dlink Dir-600.