CVE-2026-4465

MEDIUM

D-Link DIR-513 formSysCmd os command injection

Title source: cna

Description

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/?id.351755

[Signature, Permissions Required] https://vuldb.com/?ctiid.351755

[Third Party Advisory] https://vuldb.com/?submit.772866

[Exploit] https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf

View Exploit ZIP pw:eip

[Product] https://www.dlink.com/

Scores

CVSS v3 6.3

EPSS 0.0011

EPSS Percentile 30.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-77 CWE-78

Status published

Products (2)

D-Link/DIR-513 1.10

dlink/dir-513_firmware 1.10

Published Mar 20, 2026

Tracked Since Mar 20, 2026