Impact
The flaw exists in the set_mac_clone function of the DIR-823X firmware 250416 and represents an OS command injection vulnerability (CWE-78) and an improper restriction of operations within a shell command (CWE-77). By sending a crafted mac argument to /goform/set_mac_clone, an attacker can inject arbitrary OS commands, resulting in remote code execution on the device.
Affected Systems
Affected are D-Link DIR-823X routers running firmware 250416. The flaw lies in the set_mac_clone endpoint and is specific to this firmware version. No other D-Link models or firmware versions are known to be impacted at this time.
Risk and Exploitability
The CVSS score of 5.1 indicates moderate severity. EPSS 4% suggests a moderate probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. According to the description, the flaw can be triggered via remote HTTP requests to the /goform/set_mac_clone endpoint. By manipulating the mac argument, an attacker can inject arbitrary OS commands, achieving remote code execution on the affected router. The publicly available exploit increases the likelihood of targeted attacks. No additional impact details are given in the description.
OpenCVE Enrichment