CNNVD-202511-509 Information

CNNVD ID

CNNVD-202511-509

Related CVE

CVE-2022-50596

• CNNVD Published: 2025-11-06

Description (Chinese)

D-Link DIR-1260是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-1260 v1.20B05及之前版本存在安全漏洞，该漏洞源于web管理界面中SetDest/Dest/Target参数存在命令注入，可能导致未经验证的攻击者以root权限执行任意命令。

Description (English)

D-Link DIR-1260 is a wireless router of the Chinese company D-Link. The security gap in D-Link DIR-1260 v1.20B05 and earlier versions stems from the existence of command injections of SetDest/Dest/Target parameters in the web management interface, which may lead to unauthorized assailants executing arbitrary orders with root authority.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

友讯

Published

2025-11-06

Last Modified

2026-02-24

References

https://blog.exodusintel.com/2022/05/11/d-link-dir-1260-getdevicesettings-pre-auth-command-injection-vulnerability/ https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10298 https://www.vulncheck.com/advisories/dlink-dir1260-getdevicesettings-unauthenticated-command-injection