Description
A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Published: 2026-01-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution via Vulnerable Upgrade Filter
Action: Apply Patch
AI Analysis

Impact

A command injection flaw exists in the /upgrade_filter.asp script when the path argument is unsanitized. The flaw permits an attacker to inject and execute arbitrary operating‑system commands, leading to full control over the device. The vulnerability is a classic instance of OS command injection and falls under CWE‑74 and CWE‑77. The impact includes compromise of confidentiality, integrity, and availability of the router and any network traffic handled by it.

Affected Systems

The vulnerability affects the D‑Link DI‑8200G router, specifically firmware version 17.12.20A1. No other vendor releases or firmware revisions are listed as affected. The flaw is tied to an unknown function within the upgrade_filter.asp file of this firmware build.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests low current exploit probability. The flaw is not catalogued in the CISA KEV list. Nonetheless, the public disclosure of a working exploit means that an adversary with network access to the router’s administrative interface can trigger the injection remotely. Exact authentication prerequisites are not provided, and the description indicates the attack may be performed from any remote connection that can contact the web interface.

Generated by OpenCVE AI on April 18, 2026 at 07:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a firmware update from D‑Link that eliminates the command injection in DI‑8200G when one is available; ensure the device reboots after installation.
  • If a firmware upgrade cannot be applied immediately, restrict external access to the /upgrade_filter.asp endpoint by configuring a firewall, VLAN, or ACL so that only trusted internal hosts can reach the router’s administration interface.
  • Continuously monitor device logs and network traffic for anomalous command execution attempts or repeated requests to /upgrade_filter.asp, and investigate any findings promptly.



Advisories

No advisories yet.

History

Wed, 14 Jan 2026 19:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Dlink; Dlink di-8200g; Dlink di-8200g Firmware |
| CPEs | | `cpe:2.3:h:dlink:di-8200g:-:*:*:*:*:*:*:*`; `cpe:2.3:o:dlink:di-8200g_firmware:17.12.20a1:*:*:*:*:*:*:*` |
| Vendors & Products | | Dlink; Dlink di-8200g; Dlink di-8200g Firmware |

Fri, 09 Jan 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Fri, 09 Jan 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | D-link; D-link di-8200g |
| Vendors & Products | | D-link; D-link di-8200g |

Thu, 08 Jan 2026 23:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. |
| Title | | D-Link DI-8200G upgrade_filter.asp command injection |
| Weaknesses | | CWE-74; CWE-77 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:24:48.462Z

Reserved: 2026-01-08T15:25:51.430Z

Link: CVE-2026-0732

Vulnrichment

Updated: 2026-01-09T16:22:34.914Z

NVD

Status: Analyzed

Published: 2026-01-09T00:15:45.313

Modified: 2026-01-14T18:57:15.960

Link: CVE-2026-0732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T07:45:24Z
