Platform
dlink
Component
dlink
CVE-2026-5844 describes a Command Injection vulnerability discovered in the D-Link DIR-882 router, specifically within the HNAP1 SetNetworkSettings Handler's sprintf function in prog.cgi. This flaw allows remote attackers to execute arbitrary operating system commands. The vulnerability impacts devices running version 1.01B02 and, critically, the product is no longer supported by the vendor, leaving users with limited options for remediation.
Successful exploitation of CVE-2026-5844 grants an attacker complete control over the affected D-Link DIR-882 router. This includes the ability to modify system configurations, install malware, and potentially pivot to other devices on the network. Given the router's position as a gateway, a compromised device can serve as a launchpad for broader network attacks, including data exfiltration and denial-of-service. The public availability of the exploit significantly increases the risk of widespread exploitation, particularly targeting vulnerable, unpatched devices.
The exploit for CVE-2026-5844 has been publicly disclosed, indicating a high probability of exploitation. While no active campaigns have been definitively linked to this specific CVE, the ease of exploitation and public availability make it a prime target for opportunistic attackers. The vulnerability has been added to the CISA KEV catalog, further highlighting its potential risk. The vulnerability's impact is amplified by the router's role as a network gateway.
Exploit Status
EPSS
0.27% (50% percentile)
CISA SSVC
CVSS Vector
Due to the product's end-of-life status, a direct patch is unavailable. Mitigation strategies focus on limiting the attack surface and detecting malicious activity. Network segmentation is crucial; isolate the DIR-882 router from critical network resources. Implement a Web Application Firewall (WAF) with rules to filter suspicious requests targeting prog.cgi and specifically block attempts to inject OS commands via the IPAddress parameter. Monitor router logs for unusual activity and command execution attempts. Consider replacing the DIR-882 router with a supported device as the most effective long-term solution.
D-Link no longer provides support for this product. It is recommended to replace the device with one that receives security updates. If this is not possible, isolate the device from the network and avoid using it for critical services.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5844 is a Command Injection vulnerability in the D-Link DIR-882 router's prog.cgi file, allowing remote attackers to execute OS commands. It has a HIGH severity rating (7.2).
You are affected if you are using a D-Link DIR-882 router running version 1.01B02. The product is no longer supported by the vendor.
A direct patch is unavailable. Mitigation involves network segmentation, WAF rules, and replacing the router with a supported device.
The exploit is publicly available, indicating a high probability of exploitation. While no confirmed campaigns are known, the risk is significant.
Due to the product's end-of-life status, a specific advisory may not be available. Consult D-Link's security bulletin archive for related information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.