CVE-2026-4499
HIGHD-Link DIR-820LW SSDP ssdpcgi_main os command injection
Title source: cnaDescription
A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-352055 | D-Link DIR-820LW SSDP ssdpcgi_main os command injection
https://vuldb.com/?id.352055
Signature, Permissions Required signature
permissions-required
VDB-352055 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.352055
Third Party Advisory third-party-advisory
Submit #773883 | D-Link DIR-820LW B2.03 OS Command Injection
https://vuldb.com/?submit.773883
Issue Tracking issue-tracking
https://github.com/yunleeeee/cve/issues/1
Product product
https://www.dlink.com/
Scores
CVSS v3
7.3
EPSS
0.0320
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-77
CWE-78
Status
published
Products (2)
D-Link/DIR-820LW
2.03
dlink/dir-820lw_firmware
2.03
Published
Mar 20, 2026
Tracked Since
Mar 21, 2026