CVE-2022-50596
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
13.2%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 11/6/2025
- Last Modified
- 11/28/2025
Frequently Asked Questions
What is CVE-2022-50596?
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet.
Is CVE-2022-50596 actively exploited?
Active exploitation of CVE-2022-50596 has not been confirmed. The EPSS score is 13.2%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2022-50596?
CVE-2022-50596 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.
Is CVE-2022-50596 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.