CVE-2026-2151
Published: 08 February 2026
Summary
CVE-2026-2151 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dir-615 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public web interface (adv_firewall.php) directly enables remote exploitation of a public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004) on the device.
NVD Description
A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched…
more
remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-2151 is an OS command injection vulnerability in D-Link DIR-615 firmware version 4.10. It affects an unknown part of the file adv_firewall.php within the DMZ Host Feature component, where manipulation of the dmz_ipaddr argument enables the injection. The issue is classified under CWE-77 (Command Injection) and CWE-78 (OS Command Injection), with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). This vulnerability impacts only products that are no longer supported by the maintainer.
The vulnerability can be exploited remotely by an attacker with high privileges (PR:H). Exploitation involves sending a crafted request to trigger OS command injection via the dmz_ipaddr parameter, potentially allowing arbitrary command execution on the device. Successful attacks could result in high impacts to confidentiality, integrity, and availability, such as data theft, system modification, or denial of service.
Advisories note that no patches are available, as affected D-Link DIR-615 devices are end-of-support. References including VulDB entries and a detailed disclosure on a Notion site confirm the exploit has been publicly released and may be actively used. The official D-Link website provides no specific mitigation guidance for this unsupported firmware version.
The exploit disclosure to the public increases the risk for remaining deployments of this legacy router firmware.
Details
- CWE(s)