CVE-2026-4465

MediumPublic PoC

Published: 20 March 2026

Published

20 March 2026

Modified

03 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0011 29.7th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The…

exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection by validating and sanitizing the sysCmd argument in /goform/formSysCmd.

SA-22 Unsupported System Components good match

prevent

Mitigates risks from the unsupported D-Link DIR-513 firmware by disabling or isolating vulnerable unsupported components.

SI-2 Flaw Remediation good match

preventrecover

Addresses the specific command injection flaw through remediation or compensating controls despite lack of vendor patches.

Security SummaryAI

CVE-2026-4465 is an OS command injection vulnerability (CWE-77, CWE-78) in the D-Link DIR-513 router running firmware version 1.10. The flaw affects an unknown function within the /goform/formSysCmd file, where manipulation of the sysCmd argument triggers the injection.

The vulnerability enables remote exploitation (AV:N) by attackers with low privileges (PR:L), requiring low complexity (AC:L) and no user interaction (UI:N). Successful exploitation can result in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), yielding a CVSS 3.1 base score of 6.3. An exploit has been publicly published.

This issue impacts products no longer supported by the maintainer, with no patches available. Relevant advisories appear in VulDB entries (ctiid.351755, id.351755, submit.772866) and a GitHub-hosted PDF detailing the flaw, alongside the D-Link website.

Details

CWE(s): CWE-77 CWE-78

Affected Products

dlink

dir-513 firmware

1.10

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

CVE enables exploitation of public-facing web application (T1190) via OS command injection in router firmware, directly facilitating Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.351755
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.351755
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.772866
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com