MEDIUM SeverityCVSS 4.05.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

CVE-2026-8346

Last updated May 11, 2026 · Published May 11, 2026

Description

A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.

Affected products

1 listed

D-Link:DIR-816

Mappings

CWE

CWE-74CWE-77

CAPEC

None listed.

Research

Command injection: how it works and how to prevent itCommand injection happens when untrusted input reaches a shell or process spawn. Avoid the shell, pass…

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.
Input Validation and Schema EnforcementValidate early, validate strictly - schemas, allowlists, and type-safe boundaries.

CVE-2026-8346

Description

Affected products

Mappings

Related