{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4465", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-19T20:28:56.507Z", "datePublished": "2026-03-20T02:02:14.751Z", "dateUpdated": "2026-03-20T14:40:38.611Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T02:02:14.751Z"}, "title": "D-Link DIR-513 formSysCmd os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "D-Link", "product": "DIR-513", "versions": [{"version": "1.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-19T21:34:01.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "AttackingLin (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.351755", "name": "VDB-351755 | D-Link DIR-513 formSysCmd os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351755", "name": "VDB-351755 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772866", "name": "Submit #772866 | D-Link DIR-513 1.10 RCE", "tags": ["third-party-advisory"]}, {"url": "https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T14:40:31.350906Z", "id": "CVE-2026-4465", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:40:38.611Z"}}]}}

{}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}], "id": "CVE-2026-4465", "lastModified": "2026-03-20T13:37:50.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T02:16:40.043", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351755"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351755"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.772866"}, {"source": "cna@vuldb.com", "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.10"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIR-513", "source": "cna", "vendor": "D-Link"}, "product": "dir-513", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-03-20T03:50:21.209519+00:00", "value": {"mitigation_remediation": ["Check the D-Link website or contact support for a firmware update that removes the command injection flaw.", "If an update is available, download and install it on all affected DIR-513 routers.", "If no update is released, restrict external access to the router\u2019s administrative interface by blocking or filtering traffic to ports 80/443 that expose /goform/formSysCmd.", "Monitor the network for anomalous traffic or signs of exploitation against the device."], "summary": {"action": "Apply Patch", "impact": "Remote OS Command Injection"}, "threat_synthesis": {"affected_systems": "Only the D-Link DIR-513 router running firmware version 1.10 is affected. Devices with other firmware versions or devices from other manufacturers are not susceptible to this flaw, as stated by the vendor description.", "description_and_impact": "The vulnerability in the D-Link DIR-513 router\u2019s /goform/formSysCmd endpoint allows an attacker to manipulate the sysCmd argument and execute arbitrary operating\u2011system commands on the device. The command is passed to the underlying shell with insufficient validation, resulting in OS command injection and falling under CWE-77 and CWE-78. Successful exploitation can provide the attacker with full control over the router\u2019s operating system, enabling data exfiltration, network disruption, or pivoting to other devices on the LAN.", "risk_and_exploitability": "The CVSS score for this vulnerability is 5.3, indicating moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, an exploit has been published and can be launched remotely, making it a realistic threat for exposed routers that have not been updated."}}}}, "created": "2026-03-20T08:53:08.934462+00:00", "updated": "2026-03-20T10:37:52.910161+00:00", "vendors": ["d-link", "d-link$PRODUCT$dir-513"]}