VYPR
Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 21, 2025

D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection

CVE-2022-50596

Description

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dlink/DIR-1260llm-create2 versions
    <= v1.20B05+ 1 more
    • (no CPE)range: <= v1.20B05
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.