CVE-2026-11339EPSS p83.9%

CVE-2026-11339CVE-2026-11339

dlink / dwr-m920_firmware

Description

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Scoring

CVSS 6.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS2.68% probability of exploitation · percentile 83.9% · 2026-06-18T12:00:27Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-11341
CVE
CVE-2026-10878
CVE
CVE-2025-13553
CVE
CVE-2025-15192
CVE
CVE-2026-1625
CVE
CVE-2025-15193
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.