CVE-2026-2151 identifies a critical OS command injection vulnerability in the D-Link DIR-615 router firmware version 4.10, specifically within the adv_firewall.php file's DMZ Host feature. The vulnerability arises from improper sanitization of the dmz_ipaddr parameter, allowing an attacker to inject arbitrary operating system commands remotely. This flaw does not require user interaction or authentication, making it highly exploitable over the network. The vulnerability affects only the outdated and unsupported firmware version 4.10, meaning no official patches or vendor support are available. The CVSS 4.0 base score is 8.6, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction needed. The exploit allows attackers to execute arbitrary commands on the router, potentially leading to full device compromise, network traffic interception, or pivoting into internal networks. Public exploit details have been disclosed, increasing the risk of exploitation despite no known active attacks reported yet. The vulnerability is significant for environments still operating legacy D-Link DIR-615 devices, especially where these routers serve as network gateways or firewall devices.

For European organizations, this vulnerability presents a substantial risk, especially in small to medium enterprises or residential environments where legacy D-Link DIR-615 routers might still be in use. Successful exploitation can lead to complete compromise of the router, enabling attackers to intercept, modify, or redirect network traffic, disrupt network availability, or launch further attacks against internal systems. Confidential information passing through the router could be exposed or manipulated, impacting data privacy and integrity. The lack of vendor support and patches means affected organizations cannot remediate the vulnerability through updates, increasing exposure duration. This is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and government institutions. Additionally, compromised routers could be leveraged as entry points for broader cyberattacks or as part of botnets, amplifying the threat landscape in Europe.

Given the absence of official patches, the primary mitigation is to replace the affected D-Link DIR-615 devices with modern, supported hardware that receives regular security updates. If immediate replacement is not feasible, organizations should isolate these routers from critical network segments using VLANs or firewall rules to limit exposure. Disable the DMZ Host feature entirely if it is not required, as this is the vulnerable component. Network monitoring should be enhanced to detect unusual command execution patterns or traffic anomalies indicative of exploitation attempts. Employ network-level intrusion detection and prevention systems (IDS/IPS) with signatures targeting known exploit behaviors for this vulnerability. Regularly audit network devices to identify legacy hardware and maintain an inventory to prioritize upgrades. Educate users and administrators about the risks of unsupported devices and enforce strict network access controls. Finally, consider implementing network segmentation and zero trust principles to reduce the impact of any potential compromise.