Primary

Context

D-Link R15 AX1500 Command Injection Vulnerability in httpd

Vulnerability

Patched

A command injection vulnerability has been identified in the D-Link R15 AX1500 router, in firmware versions 1.20.01 and earlier. This vulnerability arises from inadequate validation of user input in the web administration interface. By manipulating the model name parameter during a password change request, it is possible to execute arbitrary system commands on the device.

Impact

Exploitation of this vulnerability allows an authenticated user to execute arbitrary commands on the router's operating system.

Remediation

Users are advised to update to the version R15A1_FW120B99_Beta. After updating, it is important to verify the success of the update by checking the device's software version against the version of the update.

Added: Dec 2, 2025, 6:22 PM

Updated: Dec 2, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.4

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.4

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link R15 AX1500 Command Injection Vulnerability in httpd

Vulnerability

Impact

Remediation

Affected Products

D-Link R15

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating