CVE-2026-2168 | D-Link DWR-M921 1.1.50 formLtefotaUpgradeQuectel sub_419920 fota_url command injection

Inserito da Angelo Barbosa | Feb 7, 2026 | CVE

A vulnerability was found in D-Link DWR-M921 1.1.50. It has been rated as critical. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection.

The identification of this vulnerability is CVE-2026-2168. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-2168 | D-Link DWR-M921 1.1.50 formLtefotaUpgradeQuectel sub_419920 fota_url command injection

Post correlati

CVE-2024-30730 | ROS Kinetic Kame 1 log file

CVE-2023-7218 | Totolink N350RT 9.3.5u.6139_B202012 /cgi-bin/cstecgi.cgi loginAuth password stack-based overflow

CVE-2025-48270 | sonalsinha21 SKT Blocks Plugin up to 2.2 on WordPress cross site scripting

CVE-2025-53693 | Sitecore Experience Manager/Experience Platform up to 9.3/10.4 externally-controlled input to select classes or code