Vulnerabilities ›

CVE-2026-7067

High ⚡ Exploit Available

CWE-74 — Weakness Type

                    Published: Apr 27, 2026                      ·  Modified: May 3, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Executive Summary

CVE-2026-7067 is a remote command injection vulnerability in D-Link DIR-822 A_101 router's DHCP service that allows attackers to execute arbitrary commands via a malicious Hostname argument. The vulnerability affects unsupported product versions and has been publicly disclosed.

📄 Description (Arabic)

ثغرة حقن أوامر في خدمة DHCP بجهاز التوجيه D-Link DIR-822 A_101 تسمح بتنفيذ أوامر نظام تعسفية عند معالجة معامل Hostname ضار. يمكن استغلال الثغرة عن بعد دون الحاجة إلى مصادقة، وقد تم الكشف عن طريقة الاستغلال علناً.

🤖 ملخص تنفيذي (AI)

ثغرة حقن أوامر بعيدة في جهاز التوجيه D-Link DIR-822 A_101 تسمح للمهاجمين بتنفيذ أوامر تعسفية عبر معامل Hostname ضار. تؤثر الثغرة على إصدارات المنتج غير المدعومة وتم الكشف عنها علناً.

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 16:54

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government banking energy

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1078

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Immediately discontinue use of D-Link DIR-822 A_101 routers and replace with supported models. If replacement is not immediately possible, isolate affected devices from critical networks, disable DHCP service if not required, implement network segmentation, and monitor for suspicious DHCP traffic patterns.

🔧 خطوات المعالجة (العربية)

توقف فوري عن استخدام أجهزة التوجيه D-Link DIR-822 A_101 واستبدالها بنماذج مدعومة. إذا لم يكن الاستبدال ممكناً فوراً، عزل الأجهزة المتأثرة عن الشبكات الحرجة، تعطيل خدمة DHCP إن لم تكن مطلوبة، تطبيق تقسيم الشبكة، ومراقبة أنماط حركة DHCP المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 6.1 6.2

🔵 SAMA CSF

ID.BE-5 PR.AC-1 PR.DS-2 DE.CM-1

🟡 ISO 27001:2022

A.12.6.1 A.13.1.1 A.14.2.1

🔗 References & Sources 5

🔗

https://tzh00203.notion.site/D-Link-DIR-822-A1-Command-Injection-in-udhcpd-via-DHCP-Hos...

cna@vuldb.com

Exploit Third Party Advisory

🔗

https://vuldb.com/submit/798645

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/vuln/359642

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/vuln/359642/cti

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://www.dlink.com/

cna@vuldb.com

Product

📦 Affected Products / CPE 1 entries

dlink:dir-822_firmware:1.0.1

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-74

EPSS1.03%

Exploit ✓ Yes

Patch ✗ No

Published 2026-04-27

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-7067

💬 Comments

Introduce Yourself

Sign In Required