CVE-2026-7067 - Vulnerability Details

- D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection

Description

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-04-26

Score: 6.9 Medium

EPSS: 1.6% Low

KEV: No

Impact:

Action:

Analysis

Impact

A system command injection flaw exists in the udhcpd DHCP Service (dhcpd.c) of the D-Link DIR-822 A_101 firmware. Manipulating the Hostname argument of a DHCP request allows a remote attacker to inject arbitrary shell commands, effectively bypassing any authentication controls and enabling full code execution on the router. This problem is rooted in improper input validation (CWE‑74) and failure to safely construct system calls (CWE‑77). The consequence is total loss of confidentiality, integrity, and availability of the affected device.

Affected Systems

The vulnerability is confined to the D-Link DIR‑822 series, specifically firmware version A_101, which is no longer supported by the manufacturer.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity flaw, yet the EPSS score of less than 1% suggests that current exploitation activity is low. The vulnerability is not listed in CISA KEV, meaning no known widespread exploitation has been reported. The attack can be initiated remotely by sending a crafted DHCP packet with a malicious Hostname field; no prior authentication or local access is required. An attacker who succeeds can execute arbitrary commands on the router, potentially taking full control of the device and its network traffic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-822

affected

Version	Status	Constraints
`A_101`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-822_firmware:1.0.1:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-822:a1:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

D-link

Dir-822

100%

Version	Status	Scheme	Platform
`A_101`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the router to a firmware version that removes the udhcpd command injection flaw or apply vendor‑issued patch if available.
Disable the udhcpd DHCP service if the router will not be used to serve DHCP, thereby eliminating the vulnerable code path.
Configure network perimeter defenses to block or rate‑limit DHCP traffic from untrusted sources, preventing malicious Hostname payloads from reaching the router.

Generated by OpenCVE AI on April 28, 2026 at 13:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0158.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://tzh00203.notion.site/D-Link-DIR-822-A1-Command-Injection-in-udhcpd-via-DHCP-Hostname-337b5c52018a80d9b638d0fa59969e6b
https://vuldb.com/submit/798645
https://vuldb.com/vuln/359642
https://vuldb.com/vuln/359642/cti
https://www.dlink.com/

History

Thu, 30 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-822 Dlink dir-822 Firmware
CPEs		cpe:2.3:h:dlink:dir-822:a1:::::::* cpe:2.3:o:dlink:dir-822_firmware:1.0.1:::::::*
Vendors & Products		Dlink Dlink dir-822 Dlink dir-822 Firmware

Mon, 27 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 27 Apr 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-822
Vendors & Products		D-link D-link dir-822

Sun, 26 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
Title		D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection
Weaknesses		CWE-74 CWE-77
References		https://tzh00203.notion.site/D-Link-DIR-822-A1-Command-Injection-in-udhcpd-via-DHCP-Hostname-337b5c52018a80d9b638d0fa59969e6b https://vuldb.com/submit/798645 https://vuldb.com/vuln/359642 https://vuldb.com/vuln/359642/cti https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-822

Dlink Dir-822 Dir-822 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-26T23:30:17.987Z

Updated: 2026-04-27T20:14:45.589Z

Reserved: 2026-04-26T07:27:27.833Z

Link: CVE-2026-7067

Vulnrichment

Updated: 2026-04-27T20:14:41.721Z

NVD

Status : Analyzed

Published: 2026-04-27T00:16:20.870

Modified: 2026-04-30T14:09:13.660

Link: CVE-2026-7067

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object