| Titel | D-Link DIR-823X <= V250416 Command Injection |
|---|
| Beschreibung | The latest version 250416 (250416) of the D-LINK DIR-823X router has an unauthorized command execution vulnerability. The specific vulnerability exists in the /usr/sbin/goahead file. When accessing the route /goform/set_static_leases and making a specific field request, arbitrary commands can be executed without authentication, achieving remote command execution and even obtaining a shell. |
|---|
| Quelle | ⚠️ https://github.com/lin-3-start/lin-cve/blob/main/DIR-823X/D-Link%20DIR-823X%20routers%20have%20an%20unauthorized%20command%20execution%20vulnerability.md |
|---|
| Benutzer | QMSSDXN (UID 88719) |
|---|
| Einreichung | 02.09.2025 11:01 (vor 10 Monaten) |
|---|
| Moderieren | 08.09.2025 17:19 (6 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 323093 [D-Link DIR-823X bis 250416 set_static_leases sub_415028 Hostname erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|