CVE-2026-1505

HighPublic PoCRCE

Published: 28 January 2026

Published

28 January 2026

Modified

30 January 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0068 71.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1505 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dir-615 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

OS command injection in public-facing router web component (set_temp_nodes.php) enables remote exploitation of the application and arbitrary Unix shell command execution for privilege escalation to full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been…

made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysisAI

CVE-2026-1505 is an OS command injection vulnerability (CWE-77, CWE-78) in the URL Filter component of D-Link DIR-615 firmware version 4.10, specifically affecting the processing of the /set_temp_nodes.php file. The flaw allows manipulation that injects arbitrary operating system commands, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). It impacts only products that are no longer supported by the maintainer.

The vulnerability is exploitable remotely over the network with low attack complexity and no user interaction required, but it demands high privileges (PR:H), such as administrative access to the device. Successful exploitation enables attackers to achieve high-impact confidentiality, integrity, and availability violations, potentially allowing full compromise of the router through arbitrary command execution.

Advisories from sources like VulDB indicate no patches are available, as the affected D-Link DIR-615 devices are end-of-life and unsupported. Mitigation relies on network segmentation, access controls to restrict privileged access, or device replacement. The exploit has been publicly disclosed and could be weaponized.

Notable context includes the public availability of the exploit, increasing risk for exposed legacy deployments, though no confirmed real-world exploitation has been reported in the provided details.

Details

CWE(s): CWE-77 CWE-78

Affected Products

dlink

dir-615 firmware

4.10

CVEs Like This One

CVE-2026-2152Same product: Dlink Dir-615

CVE-2026-2151Same product: Dlink Dir-615

CVE-2026-1506Same product: Dlink Dir-615

CVE-2026-1448Same product: Dlink Dir-615

CVE-2026-2175Same vendor: Dlink

CVE-2026-2210Same vendor: Dlink

CVE-2026-2260Same vendor: Dlink

CVE-2026-2081Same vendor: Dlink

CVE-2026-2157Same vendor: Dlink

CVE-2026-4465Same vendor: Dlink

References

https://pentagonal-time-3a7.notion.site/D-Link-DIR-615-2e7e5dd4c5a580109a14fdeb6f105cd6
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.343117
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.343117
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.737061
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com