关键漏洞信息 Title: D-Link DWR-M921 V1.1.50 Command Injection Description: A critical command injection vulnerability was found in the USSD configuration endpoint '/boafrm/formUSSDSetup'. The vulnerability lies in the 'sub_419F20' function, which uses the user-controlled 'ussdValue' parameter and injects it directly into a system command string associated with the 'at-mngr' utility. The vulnerabilities result from insufficient sanitization of single quotes, which can be exploited by authenticated attackers to execute arbitrary OS commands with root privileges. Source: https://github.com/LX-66-LX/cve-new/issues/1 User: LX-66-LX (UID 92717) Submission Date: 01/24/2026 03:36 PM Moderation Date: 02/06/2026 09:20 AM Status: Accepted VulDB Entry: 2344652 Points: 20