CVE-2026-1596 | D-Link DWR-M961 1.1.47 formLtefotaUpgradeQuectel sub_419920 fota_url command injection

Inserito da Angelo Barbosa | Gen 29, 2026 | CVE

A vulnerability was found in D-Link DWR-M961 1.1.47. It has been rated as critical. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection.

This vulnerability is tracked as CVE-2026-1596. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-1596 | D-Link DWR-M961 1.1.47 formLtefotaUpgradeQuectel sub_419920 fota_url command injection

Post correlati

CVE-2023-44301 | Dell PowerProtect Data Manager DM5500 Appliance up to 5.14 cross site scripting (dsa-2023-425)

CVE-2024-36413 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 cross site scripting (GHSA-ph2c-hvvf-r273)

CVE-2024-21912 | Rockwell Automation Arena Simulation up to 16.20.02 out-of-bounds write

CVE-2025-13291 | Campcodes Supplier Management System 1.0 confirm_order.php ID sql injection