CVE-2026-1505
Published: 28 January 2026
Summary
CVE-2026-1505 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dir-615 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-1505 is an OS command injection vulnerability (CWE-77, CWE-78) in the URL Filter component of D-Link DIR-615 firmware version 4.10, specifically affecting the processing of the /set_temp_nodes.php file. The flaw allows manipulation that injects arbitrary operating system commands, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). It impacts only products that are no longer supported by the maintainer.
The vulnerability is exploitable remotely over the network with low attack complexity and no user interaction required, but it demands high privileges (PR:H), such as administrative access to the device. Successful exploitation enables attackers to achieve high-impact confidentiality, integrity, and availability violations, potentially allowing full compromise of the router through arbitrary command execution.
Advisories from sources like VulDB indicate no patches are available, as the affected D-Link DIR-615 devices are end-of-life and unsupported. Mitigation relies on network segmentation, access controls to restrict privileged access, or device replacement. The exploit has been publicly disclosed and could be weaponized.
Notable context includes the public availability of the exploit, increasing risk for exposed legacy deployments, though no confirmed real-world exploitation has been reported in the provided details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4917
Vulnerability details
A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been…
more
made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing router web component (set_temp_nodes.php) enables remote exploitation of the application and arbitrary Unix shell command execution for privilege escalation to full device compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces least privilege on administrative accounts so that even authenticated users cannot reach or abuse the /set_temp_nodes.php URL-filter function with OS-level command execution rights.
Boundary-protection rules (firewalls, segmentation, ACLs) block remote attackers from reaching the web-management interface of the unsupported DIR-615 before the injection can be attempted.
Directly requires organizations to replace, isolate, or otherwise mitigate continued use of end-of-life devices for which no patches exist for the command-injection flaw.