VYPR

DIR-823x

by Dlink

CVEs (19)

  • CVE-2025-29635HigKEVMar 25, 2025
    risk 0.60cvss 7.2epss 0.87

    A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

  • CVE-2025-10123HigSep 9, 2025
    risk 0.48cvss 7.3epss 0.04

    A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely.…

  • CVE-2025-10401MedSep 14, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit…

  • CVE-2025-1103Feb 7, 2025
    risk 0.01cvss epss 0.11

    A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to…

  • CVE-2024-39962Jul 19, 2024
    risk 0.01cvss epss 0.02

    D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.

  • CVE-2026-2210Feb 9, 2026
    risk 0.00cvss epss 0.04

    A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

  • CVE-2026-2175Feb 8, 2026
    risk 0.00cvss epss 0.04

    A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-2157Feb 8, 2026
    risk 0.00cvss epss 0.04

    A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be…

  • CVE-2026-2155Feb 8, 2026
    risk 0.00cvss epss 0.04

    A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can…

  • CVE-2026-2143Feb 8, 2026
    risk 0.00cvss epss 0.04

    A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command…

  • CVE-2026-2142Feb 8, 2026
    risk 0.00cvss epss 0.06

    A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the…

  • CVE-2026-2129Feb 8, 2026
    risk 0.00cvss epss 0.04

    A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated…

  • CVE-2026-2120Feb 8, 2026
    risk 0.00cvss epss 0.04

    A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command…

  • CVE-2026-2084Feb 7, 2026
    risk 0.00cvss epss 0.04

    A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-29041Apr 17, 2025
    risk 0.00cvss epss 0.01

    An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c

  • CVE-2025-29040Apr 17, 2025
    risk 0.00cvss epss 0.01

    An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c

  • CVE-2025-2717Mar 24, 2025
    risk 0.00cvss epss 0.04

    A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os…

  • CVE-2025-0492Jan 15, 2025
    risk 0.00cvss epss 0.02

    A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the…

  • CVE-2024-39202Jul 8, 2024
    risk 0.00cvss epss 0.01

    D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.