EIP-2026-101613

PRE-CVE

D-Link - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101613. PoCs published by m-1-k-3.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in various D-Link devices, primarily focusing on unauthenticated and authenticated command injection via the 'dst' parameter in diagnostic.php. It includes affected firmware versions, exploit examples, and mitigation steps.

Description

D-Link - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24926

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in various D-Link devices, primarily focusing on unauthenticated and authenticated command injection via the 'dst' parameter in diagnostic.php. It includes affected firmware versions, exploit examples, and mitigation steps.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link DIR-600, DIR-300 revB, DIR-815, DIR-645, DIR-412, DIR-456, DIR-110

No auth needed

Prerequisites: Network access to the vulnerable device · Knowledge of the target device's IP address

MITRE ATT&CK

T1202 - Indirect Command Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026