CVE-2026-10878 in DWR-M920info

Summary

by MITRE • 06/05/2026

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

06/05/2026

Moderation

accepted

Entry

VDB-368368

CPE

ready

CWE

CWE-77 (confirmed)

Exploit

Download

CVSS

6.3 (VulDB)

EPSS

0.00000

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-10878
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-10878
CVE Details	https://www.cvedetails.com/cve/CVE-2026-10878/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!