Platform: dlink
Component: dlink
CVE-2026-5844 describes a Command Injection vulnerability discovered in the D-Link DIR-882 router, specifically within the HNAP1 SetNetworkSettings Handler's sprintf function in prog.cgi. This flaw allows remote attackers to execute arbitrary operating system commands. The vulnerability impacts devices running version 1.01B02 and, critically, the product is no longer supported by the vendor, leaving users with limited options for remediation.
Successful exploitation of CVE-2026-5844 grants an attacker complete control over the affected D-Link DIR-882 router. This includes the ability to modify system configurations, install malware, and potentially pivot to other devices on the network. Given the router's position as a gateway, a compromised device can serve as a launchpad for broader network attacks, including data exfiltration and denial-of-service. The public availability of the exploit significantly increases the risk of widespread exploitation, particularly targeting vulnerable, unpatched devices.
The exploit for CVE-2026-5844 has been publicly disclosed, indicating a high probability of exploitation. While no active campaigns have been definitively linked to this specific CVE, the ease of exploitation and public availability make it a prime target for opportunistic attackers. The vulnerability has been added to the CISA KEV catalog, further highlighting its potential risk. The vulnerability's impact is amplified by the router's role as a network gateway.
Small businesses and home users still relying on legacy D-Link DIR-882 routers are particularly at risk. Shared hosting environments where DIR-882 routers are used as gateway devices also present a significant exposure. Users who have not updated their router firmware and are unaware of the end-of-life status are especially vulnerable.
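• linux / server:
    journalctl -u haproxy -f | grep 'prog.cgi'
• linux / server:
    ps aux | grep 'prog.cgi'
• generic web:
    curl -I http://<router_ip>/prog.cgi?IPAddress=$(id | grep uid) # Check for command execution
    # Note: the local shell expands $(...) before curl runs, so the response does not show whether the router executed anything
disclosure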
Exploit Status
EPSS
0.27% (50% percentile)
CISA SSVC
CVSS-vector
Due to the product's end-of-life status, a direct patch is unavailable. Mitigation strategies focus on limiting the attack surface and detecting malicious activity. Network segmentation is crucial; isolate the DIR-882 router from critical network resources. Implement a Web Application Firewall (WAF) with rules to filter suspicious requests targeting prog.cgi and specifically block attempts to inject OS commands via the IPAddress parameter. Monitor router logs for unusual activity and command execution attempts. Consider replacing the DIR-882 router with a supported device as the most effective long-term solution.
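One way to express the IPAddress filtering rule described above as an allowlist check, shown as an added example (not D-Link's code and not any WAF product's rule syntax). It assumes the value arrives as a query parameter or as an `<IPAddress>` element in a request body sent to `/prog.cgi` or `/HNAP1/`; the function names and sample requests are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: IPAddress arrives as a query parameter (as in the curl check on
# this page) or as an <IPAddress> element in an HNAP request body.
_XML_IP = re.compile(r"<IPAddress>(.*?)</IPAddress>", re.S | re.I)
_TARGETS = ("/prog.cgi", "/hnap1")  # assumed handler paths, lower-cased


def ipaddress_values(url: str, body: str = "") -> list[str]:
    """Collect every IPAddress value carried by one request."""
    query = urlsplit(url).query
    values = parse_qs(query, keep_blank_values=True).get("IPAddress", [])
    return values + _XML_IP.findall(body)


def is_plain_ipv4(value: str) -> bool:
    """Allowlist check: accept a dotted-quad IPv4 address and nothing else."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def should_block(url: str, body: str = "") -> bool:
    """True when a request to the handler carries a non-IPv4 IPAddress value."""
    if not urlsplit(url).path.lower().startswith(_TARGETS):
        return False
    return any(not is_plain_ipv4(v) for v in ipaddress_values(url, body))


# Constructed sample requests as (url, body) pairs; not captured traffic.
SAMPLE = [
    ("/prog.cgi?IPAddress=192.168.0.1", ""),
    ("/prog.cgi?IPAddress=192.168.0.1%3Becho%20test", ""),
    ("/HNAP1/", "<SetNetworkSettings><IPAddress>10.0.0.1</IPAddress></SetNetworkSettings>"),
    ("/HNAP1/", "<SetNetworkSettings><IPAddress>10.0.0.1$(echo test)</IPAddress></SetNetworkSettings>"),
    ("/index.html?IPAddress=not-an-ip", ""),
]

if __name__ == "__main__":
    for url, body in SAMPLE:
        print("BLOCK" if should_block(url, body) else "allow", url)
```

Validating against what an IPv4 address is, rather than listing shell metacharacters to reject, means the rule also rejects empty values and anything appended after a valid address.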
D-Link no longer provides support for this product. Replacing the device with one that receives security updates is recommended. If that is not possible, isolate the device from the network and avoid using it for critical services.
CVE-2026-5844 is a Command Injection vulnerability in the D-Link DIR-882 router's prog.cgi file, allowing remote attackers to execute OS commands. It has a HIGH severity rating (7.2).
You are affected if you are using a D-Link DIR-882 router running version 1.01B02. The product is no longer supported by the vendor.
A direct patch is unavailable. Mitigation involves network segmentation, WAF rules, and replacing the router with a supported device.
The exploit is publicly available, indicating a high probability of exploitation. While no confirmed campaigns are known, the risk is significant.
Due to the product's end-of-life status, a specific advisory may not be available. Consult D-Link's security bulletin archive for related information.