VYPR

DIR823G

by Dlink

CVEs (90)

  • CVE-2026-2063MedFeb 6, 2026
    risk 0.31cvss 4.7epss 0.04

    A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be…

  • CVE-2026-2061MedFeb 6, 2026
    risk 0.31cvss 4.7epss 0.04

    A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly…

  • CVE-2026-11492MedJun 8, 2026
    risk 0.28cvss 4.3epss 0.01

    A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit…

  • CVE-2026-1685LowJan 30, 2026
    risk 0.24cvss 3.7epss 0.01

    A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is…

  • CVE-2023-26613Jun 29, 2023
    risk 0.05cvss epss 0.31

    An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.

  • CVE-2020-25368Nov 4, 2021
    risk 0.03cvss epss 0.13

    A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

  • CVE-2019-7298Feb 1, 2019
    risk 0.03cvss epss 0.10

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with…

  • CVE-2020-25367Nov 4, 2021
    risk 0.02cvss epss 0.13

    A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

  • CVE-2019-7297Jan 31, 2019
    risk 0.02cvss epss 0.12

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function…

  • CVE-2025-2359Mar 17, 2025
    risk 0.01cvss epss 0.14

    A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to…

  • CVE-2023-44839Oct 5, 2023
    risk 0.01cvss epss 0.08

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2022-44808Nov 22, 2022
    risk 0.01cvss epss 0.04

    A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the…

  • CVE-2022-43109Nov 3, 2022
    risk 0.01cvss epss 0.04

    D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.

  • CVE-2019-15529Aug 23, 2019
    risk 0.01cvss epss 0.08

    An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.

  • CVE-2019-13128Jul 1, 2019
    risk 0.01cvss epss 0.08

    An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.

  • CVE-2026-2210Feb 9, 2026
    risk 0.00cvss epss 0.04

    A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

  • CVE-2026-2175Feb 8, 2026
    risk 0.00cvss epss 0.04

    A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-2157Feb 8, 2026
    risk 0.00cvss epss 0.04

    A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be…

  • CVE-2026-2155Feb 8, 2026
    risk 0.00cvss epss 0.04

    A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can…

  • CVE-2026-2143Feb 8, 2026
    risk 0.00cvss epss 0.04

    A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command…

Page 2 of 5