CVE-2026-2152
Published: 08 February 2026
Summary
CVE-2026-2152 is a high-severity Command Injection (CWE-77) vulnerability in D-Link DIR-615 firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires validation of untrusted inputs such as dest_ip, submask, and gw parameters in the web configuration interface to directly prevent OS command injection.
Prohibits use of unsupported system components like the end-of-life D-Link DIR-615 router, eliminating exposure to unpatched vulnerabilities like this command injection.
Mandates identification and remediation of flaws such as this OS command injection vulnerability through patching, isolation, or decommissioning, given that there is no vendor support.
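One way to implement the input validation described above for the dest_ip, submask and gw fields, as an added example that is not D-Link's code or part of the original advisory. It assumes the route is applied with an iproute2-style `ip route add` command (the firmware's actual command is not known from this page), and all function names are hypothetical.

```python
import ipaddress
import re

# Strict dotted quad: ASCII digits and dots only, so no shell metacharacter can pass.
_DOTTED_QUAD = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}", re.ASCII)


def parse_ipv4(field, value):
    """Return an IPv4Address, or raise ValueError naming the rejected field."""
    if not isinstance(value, str) or not _DOTTED_QUAD.fullmatch(value):
        raise ValueError(f"{field}: not a dotted-quad IPv4 address")
    try:
        return ipaddress.IPv4Address(value)  # also rejects octets above 255
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"{field}: {exc}") from None


def prefix_length(mask):
    """Return the prefix length of a contiguous netmask, else raise ValueError."""
    inverted = ~int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):  # host bits must form one trailing run of 1s
        raise ValueError("submask: not a contiguous netmask")
    return 32 - inverted.bit_length()


def route_argv(dest_ip, submask, gw):
    """Validate the three fields and return an argv list for a route command."""
    dest = parse_ipv4("dest_ip", dest_ip)
    plen = prefix_length(parse_ipv4("submask", submask))
    gateway = parse_ipv4("gw", gw)
    if gateway.is_unspecified or gateway.is_multicast:
        raise ValueError("gw: not a usable next hop")
    # Assumed command; passed as a list to subprocess.run, never through a shell.
    return ["ip", "route", "add", f"{dest}/{plen}", "via", str(gateway)]


def check(dest_ip, submask, gw):
    """Return (True, argv) or (False, reason) for logging and rejection."""
    try:
        return True, route_argv(dest_ip, submask, gw)
    except ValueError as exc:
        return False, str(exc)
```

The contiguity check is done by hand because `ipaddress.IPv4Network` also accepts hostmask notation such as `0.0.0.255`, which a route form should reject.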
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in the router web UI directly enables T1190 (exploit of public-facing app) and T1059.004 (Unix shell command execution on the embedded device).
NVD Description
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysis
CVE-2026-2152 is an OS command injection vulnerability (CWE-77, CWE-78) discovered in D-Link DIR-615 routers running firmware version 4.10. The issue affects unknown code within the adv_routing.php file of the Web Configuration Interface, where manipulation of the dest_ip, submask, and gw arguments enables arbitrary OS command execution. Published on 2026-02-08, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
A remote attacker with high privileges (PR:H) can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, allowing full compromise of the affected device through injected commands.
This vulnerability impacts products no longer supported by the maintainer, with no patches available. An exploit has been publicly disclosed and could be used, as detailed in advisories from VulDB and a Notion site proof-of-concept. Practitioners should decommission or isolate DIR-615 devices, per references including https://vuldb.com/?id.344854 and https://pentagonal-time-3a7.notion.site/DIR-615-routing-command-injection-2f6e5dd4c5a580089587f5e78a1bbf70.
Details
- CWE(s)