A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 21 May 2025 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x
Dlink dir-823x Firmware
CPEs cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:240802:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x
Dlink dir-823x Firmware

Tue, 25 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 24 Mar 2025 23:45:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-03-25T13:29:34.768Z

Reserved: 2025-03-24T11:48:22.858Z

Link: CVE-2025-2717

cve-icon Vulnrichment

Updated: 2025-03-25T13:29:25.596Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-25T00:15:15.290

Modified: 2025-05-21T16:51:45.623

Link: CVE-2025-2717

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.