Medium severity6.3NVD Advisory· Published Feb 8, 2026· Updated Apr 29, 2026
CVE-2026-2168
CVE-2026-2168
Description
A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:o:dlink:dwr-m921_firmware:1.1.50:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- github.com/LX-66-LX/cve-new/issues/2nvdExploitIssue Tracking
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
- www.dlink.comnvdProduct
News mentions
0No linked articles in our index yet.