| Title | D-Link DIR-823X <= V250416 Command Injection |
|---|
| Description | The latest version 250416 (250416) of the D-LINK DIR-823X router has an unauthorized command execution vulnerability. The specific vulnerability exists in the /usr/sbin/goahead file. When accessing the route /goform/set_static_leases and making a specific field request, arbitrary commands can be executed without authentication, achieving remote command execution and even obtaining a shell. |
|---|
| Source | ⚠️ https://github.com/lin-3-start/lin-cve/blob/main/DIR-823X/D-Link%20DIR-823X%20routers%20have%20an%20unauthorized%20command%20execution%20vulnerability.md |
|---|
| User | QMSSDXN (UID 88719) |
|---|
| Submission | 09/02/2025 11:01 AM (6 months ago) |
|---|
| Moderation | 09/08/2025 05:19 PM (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323093 [D-Link DIR-823X up to 250416 set_static_leases sub_415028 Hostname command injection] |
|---|
| Points | 20 |
|---|