Skip to content
CVSS 7.3 · HIGH

CVE-2026-7067

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

View on NVD

Analysis

This vulnerability affects the firmware of a specific, end-of-life D-Link router model via a command injection in the DHCP service. It is limited to legacy consumer hardware and does not impact the software development tools, cloud infrastructure, or server stacks typically used by the community.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-77

EPSS

Probability of exploitation (next 30 days): 0.0158 (1.6%)
Percentile: 81.7%
EPSS: 2026-05-06

Affects

dlink:dir-822_firmwaredlink:dir-822

Technical description

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 4/27/2026, 12:16:20 AM
Last modified: 4/30/2026, 2:09:13 PM

References

HomeEventsBlogResourcesTeam