CVE-2026-4499

HIGH

D-Link DIR-820LW SSDP ssdpcgi_main os command injection

Title source: cna

Description

A vulnerability was identified in D-Link DIR-820LW 2.03. It affects the function ssdpcgi_main of the SSDP component. Manipulation can lead to OS command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.

Scores

CVSS v3 7.3
EPSS 0.0026
EPSS Percentile 49.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-77 CWE-78
Status published
Products (2)
D-Link/DIR-820LW 2.03
dlink/dir-820lw_firmware 2.03
Published Mar 20, 2026
Tracked Since Mar 21, 2026