Description

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet.

INFO

Published Date :

2025-11-06T19:58:51.704Z

Last Modified :

2025-11-06T20:28:19.201Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2022-50596 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-50596.

URL Resource
https://blog.exodusintel.com/2022/05/11/d-link-dir-1260-getdevicesettings-pre-auth-command-injection-vulnerability/ cve-icon cve-icon
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10298 cve-icon cve-icon
https://www.vulncheck.com/advisories/dlink-dir1260-getdevicesettings-unauthenticated-command-injection cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability