Description
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Published: 2026-02-08
Score: 8.6 High
EPSS: 3.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can manipulate the terminal_addr, server_ip, or server_port parameters in the /goform/set_server_settings configuration interface, causing the router to execute arbitrary operating system commands. This creates a severe remote command execution vulnerability that could compromise the router’s integrity, confidentiality, and availability. The flaw arises from an unsanitized input handling, classified under CWE-77 and CWE-78.

Affected Systems

The flaw is present in D‑Link DIR‑823X routers running firmware 250416. Any device from the DIR‑823X family that has not applied a firmware update that addresses this issue remains vulnerable.

Risk and Exploitability

The CVSS score of 8.6 classifies the flaw as high severity, while the EPSS score of 4% indicates a moderate likelihood that exploitation may occur. The vulnerability can be triggered remotely over the network by sending crafted requests to the router’s web interface; publicly available proof‑of‑concept or exploit code is documented. The vulnerability is not yet listed in the CISA KEV catalog, but the high impact warrants proactive mitigation.

Generated by OpenCVE AI on June 18, 2026 at 11:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to the latest firmware version from D‑Link that addresses the /goform/set_server_settings command injection flaw.
  • If an update is not yet available, restrict or block remote access to the /goform/set_server_settings endpoint to prevent unauthorized configuration changes.
  • Enforce strong administrative passwords and change the default credentials to reduce the risk of unauthorized access.
  • Monitor the router’s logs for abnormal command execution attempts and implement network segmentation around the router to limit the blast radius in case of compromise.

Generated by OpenCVE AI on June 18, 2026 at 11:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-823x
Dlink dir-823x Firmware
CPEs cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-823x
Dlink dir-823x Firmware

Tue, 10 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-823x
Vendors & Products D-link
D-link dir-823x

Sun, 08 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Title D-Link DIR-823X Configuration Parameter set_server_settings os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dir-823x
Dlink Dir-823x Dir-823x Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:36:13.546Z

Reserved: 2026-02-06T14:46:38.967Z

Link: CVE-2026-2120

cve-icon Vulnrichment

Updated: 2026-02-10T19:34:29.540Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-08T01:16:09.990

Modified: 2026-06-17T10:30:21.353

Link: CVE-2026-2120

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T11:15:03Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')