Impact
The subroutine that handles the /goform/set_ipv6 command in D‑Link DIR‑823X firmware 250416 permits an attacker to inject arbitrary operating‑system commands. The flaw exists in the web‑based configuration interface and can be triggered remotely by supplying carefully crafted input. An attacker who succeeds in exploiting the injection can execute commands with the privileges of the web server process, potentially gaining full control of the router’s operating system, which can lead to unauthorized configuration changes, data exfiltration, or further lateral movement within the network.
Affected Systems
The vulnerability affects D‑Link’s DIR‑823X router running firmware build 250416. No other firmware revisions are documented as affected in the CVE data.
Risk and Exploitability
The CVSS score of 5.1 indicates a moderate severity. The EPSS 4% points to a relatively low probability of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is via HTTP requests to the device’s web interface, specifically the /goform/set_ipv6 endpoint, which may be reachable from external networks. If access is unrestricted, the attacker could craft an input that causes the server to execute arbitrary commands on the device.
OpenCVE Enrichment