Command Injection in D-Link DIR-1260 Wi-Fi Router Firmware
CVE-2022-50596
9.3 CRITICAL
What is CVE-2022-50596?
The D-Link DIR-1260 Wi-Fi router contains a command injection flaw in its web-based management interface, affecting firmware versions up to v1.20B05. An unauthenticated attacker can execute arbitrary commands with root privileges by manipulating the SetDest/Dest/Target parameters in the GetDeviceSettings form. The management interface is reachable over both HTTP and HTTPS from the local network, from Wi-Fi, and, optionally, from the Internet, so the flaw is exposed on every network from which the interface can be reached.
Affected Version(s)
SuiteCRM 0 <= 1.20B05
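For asset triage, the affected range stated above (DIR-1260 firmware up to v1.20B05) can be checked against a device inventory. The following is an added example, not code from the advisory or from D-Link; the `<major>.<minor>B<build>` version layout, the inventory tuple format, and the sample hosts are assumptions constructed for illustration.

```python
import re

# Last affected firmware version, as stated in the advisory text.
LAST_AFFECTED = "1.20B05"

# Assumed layout of the firmware string: <major>.<minor>B<build>, optional "v" prefix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:B(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build); raise ValueError on unrecognised strings."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, build = match.groups()
    return int(major), int(minor), int(build or 0)


def is_affected(version):
    """True when the version is at or below the last affected release."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def triage(inventory):
    """Bucket DIR-1260 hosts; unparseable versions go to manual review."""
    result = {"affected": [], "not_affected": [], "needs_review": []}
    for host, model, version in inventory:
        if model.upper() != "DIR-1260":
            continue  # other models are outside the scope of this advisory
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "needs_review"  # never treat an unknown version as safe
        result[bucket].append(host)
    return result


# Constructed sample inventory (documentation addresses, invented versions).
SAMPLE_INVENTORY = [
    ("192.0.2.10", "DIR-1260", "v1.20B05"),
    ("192.0.2.11", "DIR-1260", "1.03B02"),
    ("192.0.2.12", "DIR-1260", "1.21B01"),
    ("192.0.2.13", "dir-1260", "unknown"),
    ("192.0.2.14", "DIR-878", "1.30B08"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {hosts}")
```

Hosts in `needs_review` should be checked by hand rather than assumed patched.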
