Medium severity6.3NVD Advisory· Published Sep 18, 2025· Updated Apr 29, 2026
CVE-2025-10634
CVE-2025-10634
Description
A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Affected products
3cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-823x_firmware:240802:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/Cpppq43/D-Link/blob/main/DIink-DIR-823x.mdnvdExploitThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- pan.baidu.com/s/1dWnXEa58P0KHw53L9U_PoQnvdBroken Link
- vuldb.comnvdPermissions RequiredVDB Entry
- www.dlink.comnvdProduct
News mentions
0No linked articles in our index yet.