| عنوان | dlink DIR-823X 250416 OS Command Injection |
|---|
| الوصف | D-Link DIR-823X routers are susceptible to a Remote Command Injection vulnerability via the /goform/set_mac_clone endpoint. The vulnerability exists in the backend handling of the mac parameter. Due to an incomplete sanitization mechanism that fails to filter newline characters (\n), an authenticated attacker can inject arbitrary shell commands. These commands are subsequently executed by the system shell with root privileges when the network service restarts. |
|---|
| المصدر | ⚠️ https://github.com/master-abc/cve/issues/21 |
|---|
| المستخدم | jiefengliang (UID 93721) |
|---|
| ارسال | 23/01/2026 05:26 PM (3 أشهر منذ) |
|---|
| الاعتدال | 06/02/2026 09:07 AM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344649 [D-Link DIR-823X 250416 /goform/set_mac_clone mac تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|