Title: Dlink DIR-615 v4.10 OS Command Injection Description: - A critical OS command injection vulnerability exists in the URL Filtering configuration logic of the D-Link DIR-615 firmware. - The firmware poorly sanitizes user input in the "URL" field when creating URL blocking rules. - Injecting shell metacharacters into this field allows authenticated attackers to execute arbitrary system commands with root privileges. - The malicious command is stored in a temporary session node, then committed to the device's configuration (NVRAM/RDB), and executed upon firewall rule regeneration. Source:  User: Anonymous User Submission Date: 01/13/2026 04:02 PM Moderation Date: 01/27/2026 09:08 PM Status: Accepted VulDB Entry: 234317 - D-Link DIR-615 4.10 URL Filter /set_temp_nodes.php OS Command Injection Points: 17