QwikSec

Security Database

CVE

CWE

Training

CVE-2022-50596

Published: Nov 6, 2025

Modified: May 14, 2026

PUBLISHED

Description

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet.

Vendor	Product	Versions
D-Link	DIR-1260	affected `0 - <= 1.20B05`

Weaknesses (CWE)

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10298

vendor-advisory

patch

https://blog.exodusintel.com/2022/05/11/d-link-dir-1260-getdevicesettings-pre-auth-command-injection-vulnerability/

technical-description

https://www.vulncheck.com/advisories/dlink-dir1260-getdevicesettings-unauthenticated-command-injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2022-50596 - Security Vulnerability | QwikSec