Description
A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Published: 2026-06-05
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the sub_412DA0 function of the /boafrm/formIMEISetup page on D-Link DWR‑M920 routers. By manipulating the IMEI_value argument, an attacker can cause operating‑system command injection, allowing execution of arbitrary shell commands on the device. This can lead to full device compromise, denial of service, or use of the router as part of a larger malicious network. The weakness involves improper handling of external input and is catalogued as CWE‑77 and CWE‑78.

Affected Systems

All D-Link DWR‑M920 routers running firmware version 1.1.50 or earlier are affected. Firmware updates introduced after 1.1.50 remove the vulnerable function, providing a path to remediation. Only the DWR‑M920 model is referenced; no other D-Link products have been reported to use the same vulnerable code.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, but the vulnerability is exploitable remotely without authentication, with a publicly available exploit published. The EPSS score is not available and the flaw is currently not listed in the CISA KEV catalog, though the presence of a ready-made exploit signals that attackers may target it. Given the remote nature of the attack and the potential to hijack the device, the risk to affected routers, especially those exposed to the Internet, is significant.

Generated by OpenCVE AI on June 5, 2026 at 18:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to the latest firmware that removes the vulnerable command injection code.
  • If a patch is not yet available, block remote access to the IMEI configuration page via the router’s firewall or disable the feature entirely.
  • Restrict remote management to known, trusted IP addresses and enforce strong authentication on any exposed interfaces.
  • Monitor system logs for anomalous command execution or unexpected traffic patterns to detect attempted exploitation.

Generated by OpenCVE AI on June 5, 2026 at 18:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Title D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
First Time appeared D-link
D-link dwr-m920
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:h:d-link:dwr-m920:*:*:*:*:*:*:*:*
Vendors & Products D-link
D-link dwr-m920
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dwr-m920
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-05T16:45:09.150Z

Reserved: 2026-06-05T08:19:13.223Z

Link: CVE-2026-11341

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-05T18:17:04.513

Modified: 2026-06-05T19:02:13.790

Link: CVE-2026-11341

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T19:00:15Z

Weaknesses