Description
A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Published: 2026-02-07
Score: 5.1 Medium
EPSS: 4.5% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the set_mac_clone function of the DIR-823X firmware 250416 and represents an OS command injection vulnerability (CWE-78) and an improper restriction of operations within a shell command (CWE-77). By sending a crafted mac argument to /goform/set_mac_clone, an attacker can inject arbitrary OS commands, resulting in remote code execution on the device.

Affected Systems

Affected are D-Link DIR-823X routers running firmware 250416. The flaw lies in the set_mac_clone endpoint and is specific to this firmware version. No other D-Link models or firmware versions are known to be impacted at this time.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. EPSS 4% suggests a moderate probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. According to the description, the flaw can be triggered via remote HTTP requests to the /goform/set_mac_clone endpoint. By manipulating the mac argument, an attacker can inject arbitrary OS commands, achieving remote code execution on the affected router. The publicly available exploit increases the likelihood of targeted attacks. No additional impact details are given in the description.

Generated by OpenCVE AI on June 18, 2026 at 11:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest firmware that fixes the set_mac_clone command injection flaw.
  • Disable MAC cloning feature or remove access to /goform/set_mac_clone by adjusting router settings.
  • Restrict exposure of the router to the internet by applying network segmentation and firewall rules to block HTTP access from untrusted networks.
  • As an interim workaround, block the /goform/set_mac_clone endpoint using the router’s firewall or local network firewall.

Generated by OpenCVE AI on June 18, 2026 at 11:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x
Dlink dir-823x Firmware
CPEs cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x
Dlink dir-823x Firmware

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-823x
Vendors & Products D-link
D-link dir-823x

Sat, 07 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Title D-Link DIR-823X set_mac_clone os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dir-823x
Dlink Dir-823x Dir-823x Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:31:16.516Z

Reserved: 2026-02-06T08:07:43.709Z

Link: CVE-2026-2082

cve-icon Vulnrichment

Updated: 2026-02-10T15:41:52.034Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-07T10:15:52.373

Modified: 2026-06-17T10:30:16.660

Link: CVE-2026-2082

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T11:15:03Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')