VYPR

Dir 823x Firmware

by Dlink

CVEs (28)

  • CVE-2025-29635HigKEVMar 25, 2025
    risk 0.60cvss 7.2epss 0.87

    A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

  • CVE-2025-10123HigSep 9, 2025
    risk 0.48cvss 7.3epss 0.04

    A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely.…

  • CVE-2026-4193HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSetting…

  • CVE-2026-1125HigJan 18, 2026
    risk 0.47cvss 7.3epss 0.14

    A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The…

  • CVE-2026-1544MedJan 28, 2026
    risk 0.41cvss 6.3epss 0.03

    A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit…

  • CVE-2025-14208MedDec 8, 2025
    risk 0.41cvss 6.3epss 0.03

    A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit…

  • CVE-2025-11100MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

  • CVE-2025-11099MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2025-11098MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made…

  • CVE-2025-11097MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to…

  • CVE-2025-11096MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published…

  • CVE-2025-11095MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is…

  • CVE-2025-11092MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made…

  • CVE-2025-10814MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.06

    A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit…

  • CVE-2025-10634MedSep 18, 2025
    risk 0.41cvss 6.3epss 0.07

    A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes…

  • CVE-2025-10401MedSep 14, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit…

  • CVE-2026-2082MedFeb 7, 2026
    risk 0.31cvss 4.7epss 0.04

    A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly…

  • CVE-2026-2081MedFeb 7, 2026
    risk 0.31cvss 4.7epss 0.05

    A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has…

  • CVE-2026-2063MedFeb 6, 2026
    risk 0.31cvss 4.7epss 0.04

    A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be…

  • CVE-2026-2061MedFeb 6, 2026
    risk 0.31cvss 4.7epss 0.04

    A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly…

Page 1 of 2