CVE-2026-11339 | D-Link DWR-M920 up to 1.1.50 /boafrm/formUSSDSetup sub_41CF20 ussdValue command injection

Inserito da Angelo Barbosa | Giu 5, 2026 | CVE

A vulnerability categorized as critical has been discovered in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection.

This vulnerability is known as CVE-2026-11339. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-11339 | D-Link DWR-M920 up to 1.1.50 /boafrm/formUSSDSetup sub_41CF20 ussdValue command injection

Post correlati

CVE-2023-7140 | code-projects Client Details System 1.0 /admin/manage-users.php id sql injection

CVE-2025-26524 | Rupeeseed Technology Ventures RupeeWeb prior 66.9 API Endpoint bombing/ improper control of interaction frequency (CIVN-2025-0020)

CVE-2024-0541 | Tenda W9 1.0.0.7(4456) httpd formAddSysLogRule sysRulenEn stack-based overflow

CVE-2024-32833 | Nick Halsey List Custom Taxonomy Widget Plugin up to 4.1 on WordPress cross site scripting