Description
A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-01-18
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a command injection flaw in the sub_412E7C function that processes the wd_enable argument on the /goform/set_wifidog_settings interface of the D-Link DIR‑823X router. By injecting crafted payloads, an attacker can execute arbitrary shell commands on the device, potentially gaining full control and enabling further malicious actions such as data exfiltration, network pivoting, or device compromise.

Affected Systems

All D‑Link DIR‑823X routers running firmware build 250416 contain this issue. The vulnerability appears in the hardware model DIR‑823X and any firmware version that includes the vulnerable sub_412E7C code. Affected customers are those using the 250416 firmware revision.

Risk and Exploitability

The vulnerability scores 6.9 under CVSS 4.0 and has an EPSS score of less than 1%, indicating a very low probability of widespread exploitation at present. The flaw is remotely exploitable, meaning an attacker only needs internet connectivity to reach the router’s management interface. Although exploits are publicly available, the low exploitation probability suggests that attackers may not yet have widely deployed this vector. The vulnerability is not listed in the CISA KEV catalog, but it remains a potential threat for privileged network devices.

Generated by OpenCVE AI on April 18, 2026 at 05:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a fixed version that removes the command injection flaw.
  • If a firmware upgrade is unavailable, block or restrict access to the /goform/set_wifidog_settings endpoint using firewall rules or web‑filtering settings to prevent unauthenticated manipulation of wd_enable.
  • Isolate exposed routers on a separate network segment and enforce strict access controls to limit potential lateral movement by a compromised device.



Advisories

No advisories yet.

History

Mon, 23 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
References

Fri, 30 Jan 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x
Dlink dir-823x Firmware
CPEs cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:250126:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x
Dlink dir-823x Firmware

Tue, 20 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-823x
Vendors & Products D-link
D-link dir-823x

Sun, 18 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Title D-Link DIR-823X set_wifidog_settings sub_412E7C command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:39:23.157Z

Reserved: 2026-01-17T18:18:14.233Z

Link: CVE-2026-1125

Vulnrichment

Updated: 2026-01-20T16:41:40.353Z

NVD

Status: Modified

Published: 2026-01-18T16:15:50.810

Modified: 2026-02-23T09:16:43.370

Link: CVE-2026-1125

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:30:25Z

Weaknesses