CVE-2026-5844: OS Command Injection in D-Link DIR-882
CVE-2026-5844 is a high-severity OS command injection vulnerability in the D-Link DIR-882 router, version 1. 01B02. It affects the sprintf function in the prog. cgi file within the HNAP1 SetNetworkSettings Handler. An attacker can manipulate the IPAddress argument remotely to execute arbitrary OS commands. The vulnerability affects an unsupported product version, and no official patch or remediation is currently documented. Although the exploit code has been made public, there are no confirmed reports of exploitation in the wild.
AI Analysis
Technical Summary
This vulnerability involves OS command injection via the IPAddress parameter in the HNAP1 SetNetworkSettings Handler of D-Link DIR-882 firmware version 1.01B02. The sprintf function in prog.cgi improperly handles input, allowing remote attackers to execute arbitrary operating system commands. The product is no longer supported by the vendor, and no official remediation or patch is available. The CVSS 4.0 score is 8.6, indicating high severity with network attack vector, low attack complexity, and no user interaction required.
Potential Impact
Successful exploitation allows remote attackers with high privileges to execute arbitrary OS commands on the affected device, potentially leading to full compromise of the router. This could disrupt network operations or enable further attacks within the network. Since the product is unsupported, the vulnerability remains unpatched, increasing risk for users still running this firmware version.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor as the product is no longer supported. Users are advised to discontinue use of the affected firmware version 1.01B02 and upgrade to a supported device or firmware version if available. Network-level protections such as restricting remote access to the router's management interface may reduce exposure. Monitor vendor channels for any updates or community-provided mitigations.
CVE-2026-5844: OS Command Injection in D-Link DIR-882
Description
CVE-2026-5844 is a high-severity OS command injection vulnerability in the D-Link DIR-882 router, version 1. 01B02. It affects the sprintf function in the prog. cgi file within the HNAP1 SetNetworkSettings Handler. An attacker can manipulate the IPAddress argument remotely to execute arbitrary OS commands. The vulnerability affects an unsupported product version, and no official patch or remediation is currently documented. Although the exploit code has been made public, there are no confirmed reports of exploitation in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves OS command injection via the IPAddress parameter in the HNAP1 SetNetworkSettings Handler of D-Link DIR-882 firmware version 1.01B02. The sprintf function in prog.cgi improperly handles input, allowing remote attackers to execute arbitrary operating system commands. The product is no longer supported by the vendor, and no official remediation or patch is available. The CVSS 4.0 score is 8.6, indicating high severity with network attack vector, low attack complexity, and no user interaction required.
Potential Impact
Successful exploitation allows remote attackers with high privileges to execute arbitrary OS commands on the affected device, potentially leading to full compromise of the router. This could disrupt network operations or enable further attacks within the network. Since the product is unsupported, the vulnerability remains unpatched, increasing risk for users still running this firmware version.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor as the product is no longer supported. Users are advised to discontinue use of the affected firmware version 1.01B02 and upgrade to a supported device or firmware version if available. Network-level protections such as restricting remote access to the router's management interface may reduce exposure. Monitor vendor channels for any updates or community-provided mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-08T18:25:11.487Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d733ab1cc7ad14da3bfe7b
Added to database: 4/9/2026, 5:05:47 AM
Last enriched: 4/9/2026, 5:28:21 AM
Last updated: 4/9/2026, 7:32:50 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.