CVE-2026-8346 PUBLISHED

A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.

• stksgg (VulDB User) reporter

• VDB-362662 | D-Link DIR-816 portForward command injection
• VDB-362662 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #811380 | D-Link DIR816 DIR-816A2_FWv1.10CNB05_R1B011D88210.img Command Injection
• https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/3.md
• https://www.dlink.com/

• Command Injection CWE
• Injection CWE