CVE-2026-10878 | D-Link DWR-M920 1.1.50/1.1.70 /boafrm/formSmsManage sub_41C8E8 action_value command injection

A vulnerability classified as critical has been found in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection.

This vulnerability is reported as CVE-2026-10878. The attack is possible to be carried out remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More