CVE-2026-2152
Published: 08 February 2026
Summary
CVE-2026-2152 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dir-615 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability identified as CVE-2026-2152 affects the D-Link DIR-615 running firmware version 4.10. It resides in unknown code within the adv_routing.php file of the Web Configuration Interface. Manipulation of the dest_ip, submask, and gw arguments permits OS command injection, corresponding to CWE-77 and CWE-78. The issue is exploitable remotely and carries a CVSS 4.0 score of 7.3.
An attacker with administrative credentials can supply crafted values to the affected parameters over the network, resulting in execution of arbitrary operating system commands. Successful exploitation grants high impact on confidentiality, integrity, and availability within the device. The exploit code has been publicly disclosed.
The affected product is no longer supported by D-Link, as noted in the vulnerability record and referenced vendor site. The current and peak EPSS score remains 0.0349 with no material increase observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5797
Vulnerability details
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may…
more
be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in the router web UI directly enables T1190 (exploit of public-facing app) and T1059.004 (Unix shell command execution on the embedded device).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of untrusted inputs such as dest_ip, submask, and gw parameters in the web configuration interface to directly prevent OS command injection.
Prohibits use of unsupported system components like the end-of-life D-Link DIR-615 router, eliminating exposure to unpatched vulnerabilities like this command injection.
Mandates identification and remediation of flaws such as this OS command injection vulnerability, through patching, isolation, or decommissioning given no vendor support.