EIP-2026-120643

This exploit demonstrates an authenticated command injection vulnerability in the D-Link DIR-650IN router's diagnostic functionality. The `sysHost` parameter in the HTTP POST request is not sanitized, allowing command injection via pipe characters, leading to arbitrary command execution and information disclosure.