Description
A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-01-28
Score: 5.3 Medium
EPSS: 3.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the DIR‑823X firmware version 250416 allows an attacker to supply a crafted lan_gateway value to the /goform/set_mode service, triggering an OS command injection that is indicated by CWE‑77 and CWE‑78. The vulnerability permits execution of arbitrary shell commands on the router, giving the attacker full control of the device. No additional authentication or local privileges are required if the endpoint is reachable over the network.

Affected Systems

The issue affects only D‑Link DIR‑823X routers running firmware 250416, which are no longer supported by the manufacturer and may still be deployed in unpatched networks.

Risk and Exploitability

With a CVSS score of 5.3 the flaw represents moderate impact, while an EPSS score of 3 % indicates a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Based on the description it is inferred that the attack vector is remote HTTP access to the /goform/set_mode endpoint; the attacker needs the router to be reachable and the vulnerable parameter to be controllable via network traffic.

Generated by OpenCVE AI on June 18, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to the latest available firmware that removes the vulnerability
  • If no update exists, block or disable the /goform/set_mode endpoint using network segmentation or a firewall rule to prevent remote command injection
  • Disable remote administration features or restrict access to trusted IP addresses so that the vulnerable API is not exposed to potential attackers

Generated by OpenCVE AI on June 18, 2026 at 05:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x
Dlink dir-823x Firmware
CPEs cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x
Dlink dir-823x Firmware

Thu, 29 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 29 Jan 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-823x
Vendors & Products D-link
D-link dir-823x

Wed, 28 Jan 2026 21:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-823X set_mode sub_41E2A0 os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dir-823x
Dlink Dir-823x Dir-823x Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:01:40.400Z

Reserved: 2026-01-28T15:18:21.972Z

Link: CVE-2026-1544

cve-icon Vulnrichment

Updated: 2026-01-29T16:02:56.401Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-28T22:15:55.277

Modified: 2026-06-17T10:16:02.363

Link: CVE-2026-1544

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:30:15Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')