| Title | dlink DIR-823X 250416 OS Command Injection |
|---|---|
| Description | D-Link DIR-823X routers are susceptible to a Remote Command Injection vulnerability via the `/goform/set_mac_clone` endpoint. The vulnerability exists in the backend handling of the `mac` parameter. Due to an incomplete sanitization mechanism that fails to filter newline characters (`\n`), an authenticated attacker can inject arbitrary shell commands. These commands are subsequently executed by the system shell with root privileges when the network service restarts. |
| Source | https://github.com/master-abc/cve/issues/21 |
| User | jiefengliang (UID 93721) |
| Submission | 23/01/2026 17:26 (3 months ago) |
| Moderation | 06/02/2026 09:07 (14 days later) |
| Status | Accepted |
| VulDB Entry | 344649 [D-Link DIR-823X 250416 /goform/set_mac_clone mac Privilege Escalation] |
| Points | 20 |