CNNVD-202602-1202 Information

CNNVD ID

CNNVD-202602-1202

Related CVE

CVE-2026-2163

• CNNVD Published: 2026-02-08

Description (Chinese)

D-Link DIR-600是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-600 2.15WWb02及之前版本存在命令注入漏洞，该漏洞源于对文件ssdp.cgi中参数HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID的错误操作，可能导致命令注入。

Description (English)

D-Link DIR-600 is a wireless router for the Chinese company D-Link. 2.15 Wb02 and previous versions of D-Link DIR-600 2.15 Wb02 contain a command-injecting loophole resulting from an error in the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID, the parameter in document ssdp.cgi.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

友讯

Published

2026-02-08

Last Modified

2026-02-24

References

https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc https://vuldb.com/?ctiid.344865 https://www.dlink.com/ https://vuldb.com/?id.344865 https://vuldb.com/?submit.751764 https://access.redhat.com/security/cve/cve-2026-2163