Cyber Posture

CVE-2026-4465

MediumPublic PoC

Published: 20 March 2026

Published
20 March 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0011 29.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-4465 is a medium-severity Command Injection (CWE-77) vulnerability in Dlink Dir-513. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents OS command injection by validating and sanitizing the sysCmd argument in /goform/formSysCmd.

SA-22 Unsupported System Components good match
prevent

Mitigates risks from the unsupported D-Link DIR-513 firmware by disabling or isolating vulnerable unsupported components.

SI-2 Flaw Remediation good match
preventrecover

Addresses the specific command injection flaw through remediation or compensating controls despite lack of vendor patches.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

CVE enables exploitation of public-facing web application (T1190) via OS command injection in router firmware, directly facilitating Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The…

more

exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysisAI

CVE-2026-4465 is an OS command injection vulnerability (CWE-77, CWE-78) in the D-Link DIR-513 router running firmware version 1.10. The flaw affects an unknown function within the /goform/formSysCmd file, where manipulation of the sysCmd argument triggers the injection.

The vulnerability enables remote exploitation (AV:N) by attackers with low privileges (PR:L), requiring low complexity (AC:L) and no user interaction (UI:N). Successful exploitation can result in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), yielding a CVSS 3.1 base score of 6.3. An exploit has been publicly published.

This issue impacts products no longer supported by the maintainer, with no patches available. Relevant advisories appear in VulDB entries (ctiid.351755, id.351755, submit.772866) and a GitHub-hosted PDF detailing the flaw, alongside the D-Link website.

Details

CWE(s)
CWE-77CWE-78

Affected Products

dlink
dir-513 firmware
1.10

CVEs Like This One

CVE-2025-70240Same product: Dlink Dir-513
CVE-2025-7909Same product: Dlink Dir-513
CVE-2025-70232Same product: Dlink Dir-513
CVE-2025-70225Same product: Dlink Dir-513
CVE-2025-10792Same product: Dlink Dir-513
CVE-2025-8184Same product: Dlink Dir-513
CVE-2025-70229Same product: Dlink Dir-513
CVE-2025-70231Same product: Dlink Dir-513
CVE-2026-6012Same product: Dlink Dir-513
CVE-2026-6014Same product: Dlink Dir-513

References