CVE-2026-11339 | D-Link DWR-M920 up to 1.1.50 /boafrm/formUSSDSetup sub_41CF20 ussdValue command injection

A vulnerability categorized as critical has been discovered in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection.

This vulnerability is known as CVE-2026-11339. It is possible to launch the attack remotely. Furthermore, an exploit is available.VulDB Recent EntriesRead More