CVE-2026-11339
MEDIUM NVDCVSS Score
6.3
Severity
MEDIUM
Source
NVD
Published
Jun 05, 2026
Description
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.