A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
References
| Link | Resource |
|---|---|
| https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73 | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.342880 | Permissions Required VDB Entry |
| https://vuldb.com/?id.342880 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.737006 | Third Party Advisory VDB Entry |
| https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
28 Jan 2026, 16:37
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73 - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.342880 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.342880 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.737006 - Third Party Advisory, VDB Entry | |
| References | () https://www.dlink.com/ - Product | |
| First Time |
Dlink dir-615
Dlink Dlink dir-615 Firmware |
|
| CPE | cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:* |
27 Jan 2026, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-27 00:15
Updated : 2026-01-28 16:37
NVD link : CVE-2026-1448
Mitre link : CVE-2026-1448
CVE.ORG link : CVE-2026-1448
JSON object : View
Products Affected
dlink
- dir-615_firmware
- dir-615