CVE-2026-4465 is a medium-severity OS command injection vulnerability affecting the D-Link DIR-513 router running firmware version 1.10. The vulnerability resides in an unspecified function accessed via the /goform/formSysCmd endpoint, where the sysCmd parameter is insufficiently sanitized, allowing an attacker to inject and execute arbitrary operating system commands remotely. The attack vector is network-based, requiring no user interaction and low privileges, making it relatively easy to exploit if the device is reachable. The vulnerability impacts confidentiality, integrity, and availability by enabling command execution on the device, potentially leading to full device compromise. The affected product is no longer supported by the vendor, and no patches have been released. While no active exploits have been observed in the wild, a public exploit exists, increasing the risk of exploitation. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low impact on confidentiality, integrity, and availability, resulting in a base score of 5.3. This vulnerability highlights risks associated with legacy network devices that remain in operational environments without vendor support or security updates.

The vulnerability allows remote attackers to execute arbitrary OS commands on affected D-Link DIR-513 routers, potentially leading to full device compromise. This can result in unauthorized access to network traffic, interception or manipulation of data, disruption of network services, or use of the device as a foothold for further attacks within an organization’s network. Since the device is a network router, compromise could affect the confidentiality and integrity of data passing through it and availability of network connectivity. The lack of vendor support and patches increases the risk, as organizations cannot remediate via firmware updates. Exploitation could facilitate lateral movement, data exfiltration, or deployment of malware. Organizations relying on these legacy devices in critical network segments face elevated operational and security risks.

Given the absence of official patches, organizations should prioritize immediate replacement of the D-Link DIR-513 devices with supported hardware running updated firmware. If replacement is not immediately feasible, network-level mitigations should be implemented: restrict access to the device’s management interfaces by applying firewall rules to limit exposure to trusted networks only; disable remote management features if enabled; monitor network traffic for suspicious activity targeting the /goform/formSysCmd endpoint; employ intrusion detection/prevention systems with signatures for this vulnerability or command injection attempts; segment legacy devices on isolated network segments to reduce attack surface; and enforce strong network access controls and logging to detect and respond to exploitation attempts. Regularly auditing network devices for outdated firmware and unsupported hardware can prevent similar risks.