Description
A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Published: 2026-01-08
Score: 5.3 Medium
EPSS: 10.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection flaw exists in the /upgrade_filter.asp script, where the path argument is not sanitized. The flaw permits an attacker to inject and execute arbitrary operating‑system commands, leading to full control over the device. The vulnerability is a classic instance of OS command injection and falls under CWE‑74 and CWE‑77. The impact includes compromise of the confidentiality, integrity, and availability of the router and of any network traffic it handles.

Affected Systems

The vulnerability affects the D‑Link DI‑8200G router, specifically firmware version 17.12.20A1. No other vendor releases or firmware revisions are listed as affected. The flaw is tied to an unknown function within the upgrade_filter.asp file of this firmware build.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of 0.09953% indicates a very low probability of exploitation. The flaw is not catalogued in the CISA KEV list. Nonetheless, the public disclosure of a working exploit means that an adversary with network access to the router’s administrative interface can trigger the injection remotely. Exact authentication prerequisites are not provided, and the description indicates the attack may be performed from any remote connection that can contact the web interface.

Generated by OpenCVE AI on June 18, 2026 at 11:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Inspect all D‑Link DI‑8200G routers to determine if they are running the vulnerable firmware 17.12.20A1; if so, block external access to the /upgrade_filter.asp endpoint or restrict it to trusted internal hosts only via firewall rules, VLAN segmentation, or ACLs.
  • Restrict external access to the router’s administrative interface by configuring firewall policies or network segmentation so that only internal trusted networks can reach the /upgrade_filter.asp endpoint.
  • Enable and monitor logs for administrative interface activity, specifically looking for suspicious command execution attempts or repeated requests to /upgrade_filter.asp, and investigate any anomalies promptly.

Advisories

No advisories yet.

History

Wed, 14 Jan 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dlink; Dlink di-8200g; Dlink di-8200g Firmware
CPEs | | cpe:2.3:h:dlink:di-8200g:-:*:*:*:*:*:*:*; cpe:2.3:o:dlink:di-8200g_firmware:17.12.20a1:*:*:*:*:*:*:*
Vendors & Products | | Dlink; Dlink di-8200g; Dlink di-8200g Firmware

Fri, 09 Jan 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 09 Jan 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | D-link; D-link di-8200g
Vendors & Products | | D-link; D-link di-8200g

Thu, 08 Jan 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Title | | D-Link DI-8200G upgrade_filter.asp command injection
Weaknesses | | CWE-74; CWE-77
References | |
Metrics | | cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:24:48.462Z

Reserved: 2026-01-08T15:25:51.430Z

Link: CVE-2026-0732

Vulnrichment

Updated: 2026-01-09T16:22:34.914Z

NVD

Status: Analyzed

Published: 2026-01-09T00:15:45.313

Modified: 2026-06-17T10:11:17.053

Link: CVE-2026-0732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T11:30:04Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')