Description
A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-01-18
Score: 6.9 Medium
EPSS: 14.4% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a command injection flaw that resides in the function sub_412E7C, which processes the wd_enable argument on the /goform/set_wifidog_settings web interface of the D‑Link DIR‑823X router. Manipulating this argument enables the attacker to execute arbitrary shell commands on the device, potentially granting full control of the router. The flaw is a classic command injection weakness (CWE‑74) that allows an attacker to inject and run malicious commands, and could be used as a foothold for further attacks such as data exfiltration, network pivoting or complete device compromise.

Affected Systems

All D‑Link DIR‑823X routers running the 250416 firmware build are affected by this issue. The vulnerability appears in the hardware model DIR‑823X and any firmware version that includes the vulnerable sub_412E7C code. Users of the 250416 revision are directly impacted.

Risk and Exploitability

The flaw scores 6.9 on the CVSS scale and has an EPSS score of 14%, indicating a moderate probability of exploitation. The attack can be executed remotely. Based on the description, it is inferred that the attacker only needs internet connectivity to reach the router’s management interface, and that the exploit can be performed without user interaction. The vulnerability is not listed in the CISA KEV catalog, but the combination of remote reach and moderate exploitation probability means it remains a significant threat to network infrastructure.

Generated by OpenCVE AI on June 18, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a fixed version that removes the command injection flaw.
  • If a firmware upgrade is unavailable, block or restrict access to the /goform/set_wifidog_settings endpoint using firewall rules or web‑filtering settings to prevent unauthenticated manipulation of wd_enable.
  • Restrict access to the router’s management interface to trusted internal networks or via VPN to limit exposure to the public internet.
  • Isolate exposed routers on a separate network segment and enforce strict access controls to reduce potential lateral movement by a compromised device.

Generated by OpenCVE AI on June 18, 2026 at 11:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
References

Fri, 30 Jan 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x
Dlink dir-823x Firmware
CPEs cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:250126:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x
Dlink dir-823x Firmware

Tue, 20 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-823x
Vendors & Products D-link
D-link dir-823x

Sun, 18 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Title D-Link DIR-823X set_wifidog_settings sub_412E7C command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dir-823x
Dlink Dir-823x Dir-823x Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:39:23.157Z

Reserved: 2026-01-17T18:18:14.233Z

Link: CVE-2026-1125

cve-icon Vulnrichment

Updated: 2026-01-20T16:41:40.353Z

cve-icon NVD

Status : Modified

Published: 2026-01-18T16:15:50.810

Modified: 2026-06-17T10:15:08.613

Link: CVE-2026-1125

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T11:30:04Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')