CVE-2026-11339

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Jun 05, 2026

Vendor unknown

Description

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

References

https://github.com/7u7777/Dlink/blob/DWR-M920/formUSSDSetup.md
https://vuldb.com/cve/CVE-2026-11339
https://vuldb.com/submit/832579
https://vuldb.com/vuln/368881
https://vuldb.com/vuln/368881/cti