Description
A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-02-06
Score: 5.1 Medium
EPSS: 4.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The subroutine that handles the /goform/set_ipv6 command in D‑Link DIR‑823X firmware 250416 permits an attacker to inject arbitrary operating‑system commands. The flaw exists in the web‑based configuration interface and can be triggered remotely by supplying carefully crafted input. An attacker who succeeds in exploiting the injection can execute commands with the privileges of the web server process, potentially gaining full control of the router’s operating system, which can lead to unauthorized configuration changes, data exfiltration, or further lateral movement within the network.

Affected Systems

The vulnerability affects D‑Link’s DIR‑823X router running firmware build 250416. No other firmware revisions are documented as affected in the CVE data.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity. The EPSS 4% points to a relatively low probability of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is via HTTP requests to the device’s web interface, specifically the /goform/set_ipv6 endpoint, which may be reachable from external networks. If access is unrestricted, the attacker could craft an input that causes the server to execute arbitrary commands on the device.

Generated by OpenCVE AI on June 18, 2026 at 05:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a firmware update from D‑Link that fixes the command‑injection flaw in the /goform/set_ipv6 handler.
  • If a patch is not yet available, configure firewall rules to allow only trusted internal hosts to access the router’s web‑management interface, specifically the /goform/set_ipv6 endpoint.
  • Disable remote IPv6 configuration features or remove the vulnerable endpoint from the web interface until a vendor patch is applied.
  • Place the router behind a DMZ or VLAN and enforce least‑privilege access controls for management traffic to limit exposure to the Internet.

Generated by OpenCVE AI on June 18, 2026 at 05:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x Firmware
Dlink dir-832x
CPEs cpe:2.3:h:dlink:dir-832x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x Firmware
Dlink dir-832x

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-823x
Vendors & Products D-link
D-link dir-823x

Fri, 06 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Title D-Link DIR-823X set_ipv6 sub_424D20 os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dir-823x
Dlink Dir-823x Firmware Dir-832x
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:26:45.939Z

Reserved: 2026-02-06T06:34:43.625Z

Link: CVE-2026-2061

cve-icon Vulnrichment

Updated: 2026-02-06T18:49:00.343Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T18:16:00.513

Modified: 2026-06-17T10:30:13.200

Link: CVE-2026-2061

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:15:16Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')