Impact
A flaw in the DIR-823X firmware version 250416 allows an attacker to supply a crafted lan_gateway value to the /goform/set_mode service, triggering an OS command injection classified under CWE-77 (command injection) and CWE-78 (OS command injection). The vulnerability permits execution of arbitrary shell commands on the router, giving the attacker full control of the device. No additional authentication or local privileges are required if the endpoint is reachable over the network.
Affected Systems
The issue affects only D‑Link DIR‑823X routers running firmware 250416, which are no longer supported by the manufacturer and may still be deployed in unpatched networks.
Risk and Exploitability
With a CVSS score of 5.3, the flaw represents moderate impact, while an EPSS score of 3 % indicates a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be remote HTTP access to the /goform/set_mode endpoint: the attacker needs the router to be reachable and the lan_gateway parameter to be controllable via network traffic.
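The root cause described in the Impact and Risk sections above (a request parameter reaching a shell command unchecked) is the pattern a firmware maintainer would fix at the input boundary. The following is an added example written for this page, not D-Link's code and not the actual DIR-823X handler: a hypothetical set_mode handler that accepts lan_gateway only if it is a canonical IPv4 dotted quad, and then builds an argv vector for an exec-family call rather than a string for a shell. The function names is_valid_ipv4_gateway and handle_set_mode_safe, and the use of route as the downstream command, are assumptions for illustration.

```c
/* Added example (not D-Link's code): hardened handling of the lan_gateway
 * parameter for a hypothetical /goform/set_mode handler. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Strict allowlist check: the value must parse as an IPv4 address and
 * round-trip unchanged through inet_ntop, so anything with trailing or
 * leading characters (shell metacharacters, spaces, leading zeros) is
 * rejected rather than passed on. Returns 1 if acceptable, else 0. */
int is_valid_ipv4_gateway(const char *value)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];

    if (value == NULL || value[0] == '\0' || strlen(value) >= INET_ADDRSTRLEN)
        return 0;
    if (inet_pton(AF_INET, value, &addr) != 1)
        return 0;
    if (inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL)
        return 0;
    /* Only the canonical spelling is accepted. */
    return strcmp(canon, value) == 0;
}

/* Hardened handler (hypothetical): validate first, then build an argv vector
 * for execv-style invocation. The gateway is passed as a single argument and
 * is never interpreted by /bin/sh, so even an odd-looking but valid value
 * cannot become a second command. argv_out must hold at least 6 entries;
 * the last is NULL for execv. Returns 1 if the value was accepted, 0 if the
 * request should be rejected (HTTP 400 in practice). */
int handle_set_mode_safe(const char *lan_gateway, const char *argv_out[6])
{
    if (!is_valid_ipv4_gateway(lan_gateway))
        return 0;
    argv_out[0] = "route";
    argv_out[1] = "add";
    argv_out[2] = "default";
    argv_out[3] = "gw";
    argv_out[4] = lan_gateway;
    argv_out[5] = NULL;
    return 1;
}

/* Stand-alone demonstration on constructed inputs. */
int main(void)
{
    const char *samples[] = { "192.168.0.1", "192.168.0.1;ls", "10.0.0.1 ", "" };
    const char *argv[6];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = handle_set_mode_safe(samples[i], argv);
        printf("lan_gateway=\"%s\" -> %s\n", samples[i],
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The contrast with the flaw described above is that the accepted value is never concatenated into a command string: validation is an allowlist on the expected format rather than a blocklist of dangerous characters, and the exec-family argv boundary means no shell parses the value at all. A network-side check along the same lines (requests to /goform/set_mode whose lan_gateway is not a bare IPv4 address) is a reasonable detection signal for devices that cannot be updated.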
OpenCVE Enrichment