Zero Day MonitorZDM

← Back to list

7.2

CVE-2026-5844

d-link · dir-882

D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

Description

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Products

Vendor	Product	Versions
d-link	dir-882	1.01B02

References

Related News (1 articles)

Tier C

VulDB2d ago

CVE-2026-5844 | D-Link DIR-882 1.01B02 HNAP1 SetNetworkSettings prog.cgi sprintf IPAddress os command injection

→ No new info (linked only)

CVSS 3.17.2 NONE

CISA KEV❌ No

Actively exploited❌ No

CWECWE-78, CWE-77

PublishedApr 9, 2026

Last enriched1d ago

Trending Score28

Source articles1

Independent1

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2025-45058

CVE-2025-45058: D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. T

HIGHCVE-2025-45057

CVE-2025-45057: D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp funct

HIGHCVE-2025-45059

CVE-2025-45059: D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.

HIGHCVE-2026-5815

D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

D-Link DIR-650IN - Authenticated Command Injection

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Discovered by ZDM

Apr 9, 2026