Dir 823x Firmware
Sign in to watchby Dlink
Source repositories
CVEs (20)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-29635 | Hig | 0.63 | 7.2 | 0.58 | KEV | Mar 25, 2025 | A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. |
| CVE-2026-1125 | Hig | 0.47 | 7.3 | 0.00 | Jan 18, 2026 | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2025-10123 | Hig | 0.47 | 7.3 | 0.00 | Sep 9, 2025 | A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2026-1544 | Med | 0.41 | 6.3 | 0.00 | Jan 28, 2026 | A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2025-14208 | Med | 0.41 | 6.3 | 0.00 | Dec 8, 2025 | A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |
| CVE-2025-11100 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |
| CVE-2025-11099 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2025-11098 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. | |
| CVE-2025-11097 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-11096 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. | |
| CVE-2025-11095 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |
| CVE-2025-11092 | Med | 0.41 | 6.3 | 0.00 | Sep 28, 2025 | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | |
| CVE-2025-10814 | Med | 0.41 | 6.3 | 0.00 | Sep 22, 2025 | A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2025-10634 | Med | 0.41 | 6.3 | 0.00 | Sep 18, 2025 | A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |
| CVE-2025-10401 | Med | 0.41 | 6.3 | 0.00 | Sep 14, 2025 | A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |
| CVE-2026-2082 | Med | 0.31 | 4.7 | 0.00 | Feb 7, 2026 | A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. | |
| CVE-2026-2081 | Med | 0.31 | 4.7 | 0.00 | Feb 7, 2026 | A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2026-2063 | Med | 0.31 | 4.7 | 0.00 | Feb 6, 2026 | A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2026-2061 | Med | 0.31 | 4.7 | 0.00 | Feb 6, 2026 | A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2026-1685 | Low | 0.24 | 3.7 | 0.00 | Jan 30, 2026 | A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. |