A vulnerability identified as critical has been detected in D-Link DWR-M920 up to 1.1.50 . The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup . This manipulation of the argument IMEI_value causes os command injection. This vulnerability is handled as CVE-2026-11341 . The attack can be initiated remotely. Additionally, an exploit exists.