Impact
The vulnerability is a command injection flaw that resides in the function sub_412E7C, which processes the wd_enable argument on the /goform/set_wifidog_settings web interface of the D‑Link DIR‑823X router. Manipulating this argument enables the attacker to execute arbitrary shell commands on the device, potentially granting full control of the router. The flaw is a classic command injection weakness (CWE‑74) that allows an attacker to inject and run malicious commands, and could be used as a foothold for further attacks such as data exfiltration, network pivoting or complete device compromise.
Affected Systems
All D‑Link DIR‑823X routers running the 250416 firmware build are affected by this issue. The vulnerability appears in the hardware model DIR‑823X and any firmware version that includes the vulnerable sub_412E7C code. Users of the 250416 revision are directly impacted.
Risk and Exploitability
The flaw scores 6.9 on the CVSS scale and has an EPSS score of 14%, indicating a moderate probability of exploitation. The attack can be executed remotely. Based on the description, it is inferred that the attacker only needs internet connectivity to reach the router’s management interface, and that the exploit can be performed without user interaction. The vulnerability is not listed in the CISA KEV catalog, but the combination of remote reach and moderate exploitation probability means it remains a significant threat to network infrastructure.
OpenCVE Enrichment