{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0732", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-08T15:25:51.430Z", "datePublished": "2026-01-08T23:32:08.177Z", "dateUpdated": "2026-02-23T08:24:48.462Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:24:48.462Z"}, "title": "D-Link DI-8200G upgrade_filter.asp command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "D-Link", "product": "DI-8200G", "versions": [{"version": "17.12.20A1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-08T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-15T09:41:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Yun Zhang (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.340129", "name": "VDB-340129 | D-Link DI-8200G upgrade_filter.asp command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340129", "name": "VDB-340129 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733275", "name": "Submit #733275 | D-Link DI_8200G Router V17.12.20A1 Command Execution", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md", "tags": ["related"]}, {"url": "https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md#poc", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-09T16:22:29.703881Z", "id": "CVE-2026-0732", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:22:38.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0732", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-09T16:22:29.703881Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:22:34.914Z"}}], "cna": {"title": "D-Link DI-8200G upgrade_filter.asp command injection", "credits": [{"lang": "en", "type": "reporter", "value": "Yun Zhang (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "product": "DI-8200G", "versions": [{"status": "affected", "version": "17.12.20A1"}]}], "timeline": [{"lang": "en", "time": "2026-01-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-08T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-15T09:41:37.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.340129", "name": "VDB-340129 | D-Link DI-8200G upgrade_filter.asp command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340129", "name": "VDB-340129 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733275", "name": "Submit #733275 | D-Link DI_8200G Router V17.12.20A1 Command Execution", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md", "tags": ["related"]}, {"url": "https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md#poc", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:24:48.462Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0732", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:24:48.462Z", "dateReserved": "2026-01-08T15:25:51.430Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-08T23:32:08.177Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:di-8200g_firmware:17.12.20a1:*:*:*:*:*:*:*", "matchCriteriaId": "759CBE57-D426-4F76-BE51-BBB1276538A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:di-8200g:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8F711B9-4D2E-4FE3-B1DB-68E3F15BCC26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en D-Link DI-8200G 17.12.20A1. Esto afecta una funci\u00f3n desconocida del archivo /upgrade_filter.asp. La manipulaci\u00f3n del argumento path resulta en inyecci\u00f3n de comandos. El ataque puede realizarse de forma remota. El exploit se ha hecho p\u00fablico y podr\u00eda ser utilizado."}], "id": "CVE-2026-0732", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-09T00:15:45.313", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md#poc"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.340129"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.340129"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.733275"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:30:44.075775+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update from D\u2011Link that eliminates the command injection in DI\u20118200G; ensure the device reboots after installation.", "If a firmware upgrade cannot be applied immediately, restrict external access to the /upgrade_filter.asp endpoint by configuring a firewall, VLAN, or ACL so that only trusted internal hosts can reach the router\u2019s administration interface.", "Continuously monitor device logs and network traffic for anomalous command execution attempts or repeated requests to /upgrade_filter.asp, and investigate any findings promptly."], "summary": {"action": "Apply Patch", "impact": "Remote Command Execution via Vulnerable Upgrade Filter"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the D\u2011Link DI\u20118200G router, specifically firmware version 17.12.20A1. No other vendor releases or firmware revisions are listed as affected. The flaw is tied to an unknown function within the upgrade_filter.asp file of this firmware build.", "description_and_impact": "A command injection flaw exists in the /upgrade_filter.asp script when the path argument is unsanitized. The flaw permits an attacker to inject and execute arbitrary operating\u2011system commands, leading to full control over the device. The vulnerability is a classic instance of OS command injection and falls under CWE\u201174 and CWE\u201177. The impact includes compromise of confidentiality, integrity, and availability of the router and any network traffic handled by it.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests low current exploit probability. The flaw is not catalogued in the CISA KEV list. Nonetheless, the public disclosure of a working exploit means that an adversary with network access to the router\u2019s administrative interface can trigger the injection remotely. Exact authentication prerequisites are not provided, and the description indicates the attack may be performed from any remote connection that can contact the web interface."}}}}, "created": "2026-01-09T13:24:15.796382+00:00", "updated": "2026-04-18T07:45:24.969487+00:00", "vendors": ["d-link", "d-link$PRODUCT$di-8200g"]}