CVE-2026-8344 MEDIUM

CVE-2026-8344: D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

Vendor D-Link
Product DIR-816
Weakness CWE-77
Published May 11, 2026
Last update May 17, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Key dates

02Disclosure timeline

May 11, 2026 CVE published
May 17, 2026 Record updated