| Title | D-Link DIR-823X 250416 OS Command Injection |
|---|---|
| Description | D-Link DIR-823X routers are susceptible to a Remote Command Injection vulnerability via the /goform/set_password endpoint. The vulnerability exists in the backend handling of the http_passwd parameter. Due to an incomplete sanitization mechanism that fails to filter newline characters (\n or 0x0A), an authenticated attacker who knows the current administrator password can inject arbitrary shell commands. These commands are executed with root privileges when the UCI configuration is committed and the system shell processes the modified configuration. |
| Source | ⚠️ https://github.com/master-abc/cve/issues/22 |
| User | 942384053 (UID 94603) |
| Submission | 23/01/2026 02:53 PM (3 months ago) |
| Moderation | 06/02/2026 09:07 AM (14 days later) |
| Status | Approved |
| VulDB entry | 344648 [D-Link DIR-823X 250416 /goform/set_password http_passwd privilege escalation] |
| Points | 20 |