CVE-2026-1544 - Vulnerability Details

- D-Link DIR-823X set_mode sub_41E2A0 os command injection

Description

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-01-28

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability in the DIR-823X firmware 250416 allows an attacker to manipulate the lan_gateway parameter in the /goform/set_mode function, resulting in OS command injection and remote command execution. The flaw is exploitable over the network and an exploit has been publicly released. Successful exploitation would enable an adversary to gain full control of the device, potentially allowing further compromise of the connected network.

Affected Systems

D-Link DIR‑823X routers running firmware version 250416, which are no longer supported by the vendor.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate potential for damage, while an EPSS score of less than 1 % suggests low likelihood of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. It is inferred that the attack vector is remote HTTP access to /goform/set_mode, requiring the device to be reachable and the vulnerable parameter to be controllable by the attacker.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-823X

affected

Version	Status	Constraints
`250416`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
D-link	Dir-823x	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device to the latest supported firmware version when available
If a firmware upgrade is not possible, block or disable the /goform/set_mode endpoint using network segmentation or a firewall rule
Restrict remote management capabilities or disable them entirely to prevent exposure of the vulnerable API

Generated by OpenCVE AI on April 18, 2026 at 01:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/master-abc/cve/issues/16
https://vuldb.com/?ctiid.343228
https://vuldb.com/?id.343228
https://vuldb.com/?submit.739155
https://www.dlink.com/

History

Mon, 09 Feb 2026 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-823x Dlink dir-823x Firmware
CPEs		cpe:2.3:h:dlink:dir-823x:-:::::::* cpe:2.3:o:dlink:dir-823x_firmware:250416:::::::*
Vendors & Products		Dlink Dlink dir-823x Dlink dir-823x Firmware

Thu, 29 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-823x
Vendors & Products		D-link D-link dir-823x

Wed, 28 Jan 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Title		D-Link DIR-823X set_mode sub_41E2A0 os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/master-abc/cve/issues/16 https://vuldb.com/?ctiid.343228 https://vuldb.com/?id.343228 https://vuldb.com/?submit.739155 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-823x

Dlink Dir-823x Dir-823x Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-28T21:32:09.912Z

Updated: 2026-02-23T09:01:40.400Z

Reserved: 2026-01-28T15:18:21.972Z

Link: CVE-2026-1544

Vulnrichment

Updated: 2026-01-29T16:02:56.401Z

NVD

Status : Analyzed

Published: 2026-01-28T22:15:55.277

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1544

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:45:33Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object