EIP-2026-101221

PRE-CVE

D-Link Devices - UPnP M-SEARCH Multicast Command Injection (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101221. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated OS command injection vulnerability in D-Link routers via UPnP M-SEARCH multicast requests. It targets multiple D-Link models (e.g., DIR-300, DIR-645) by injecting commands into the ST header of the SSDP packet.

Description

D-Link Devices - UPnP M-SEARCH Multicast Command Injection (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/34065

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated OS command injection vulnerability in D-Link routers via UPnP M-SEARCH multicast requests. It targets multiple D-Link models (e.g., DIR-300, DIR-645) by injecting commands into the ST header of the SSDP packet.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link Routers (DIR-300, DIR-645, DIR-815, and potentially others) with UPnP enabled

No auth needed

Prerequisites: Network access to the target's UPnP service (UDP port 1900) · Vulnerable D-Link router firmware

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026