CVE Catalog

CVE-2026-11339

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.54%

68th percentile - higher than 68% of all known CVEs

Summary

A vulnerability was detected in D-Link DWR-M920 up to version 1.1.50. Manipulation of the ussdValue argument in the sub_41CF20 function leads to command injection, allowing for remote attacks.

Risk Assessment

The organization is exposed to remote attacks that could result in unauthorized command execution on the device.

Recommendation

It is recommended to update the device to the latest firmware version to mitigate this vulnerability.

Original NVD description (English source)

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS