What is CVE-2026-5844?

CVE-2026-5844 is a high-severity vulnerability in D-link Dir-882, classified under Command Injection. CVSS score: 7.2/10. Published 2026-04-09.

How severe is CVE-2026-5844?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in D-link Dir-882

CVE-2026-5844

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (30.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

D-link Dir-882 — versions 1.01B02
Dlink Dir-882 — versions a1
Dlink Dir-882_firmware — versions 1.01b02

Weakness classification (CWE)

References

VDB-356329 | D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
VDB-356329 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #790290 | D-Link DIR-882 1.01B02 OS Command Injection (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (Exploit, exploit)
cna@vuldb.com (Product, product)

Frequently asked questions

What is CVE-2026-5844?: CVE-2026-5844 is a high-severity vulnerability in D-link Dir-882, classified under Command Injection. CVSS score: 7.2/10. Published 2026-04-09.
How severe is CVE-2026-5844?: High severity. CVSS v3 base score is 7.2 out of 10.