CVE-2026-2143 - Vulnerability Details

- D-Link DIR-823X DDNS Service set_ddns os command injection

Description

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Published: 2026-02-08

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker to inject arbitrary operating system commands through the DDNS configuration interface of the D-Link DIR-823X. By manipulating parameters such as ddnsType, ddnsDomainName, ddnsUserName, and ddnsPwd, the device can execute unintended commands, leading to full compromise of the device’s operating system. This results in a loss of confidentiality, integrity, and availability of the device and any network resources it controls.

Affected Systems

The issue is present in the D-Link DIR-823X router running firmware version 250416. No other vendors or product versions are explicitly listed, but the scope appears limited to this specific model and firmware build.

Risk and Exploitability

With a CVSS score of 8.6, the severity is high, and the EPSS score indicates a very low yet nonzero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack is reachable remotely via the router’s HTTP interface and typically requires no local access; a threat actor can trigger the injection by sending crafted requests to the /goform/set_ddns endpoint from outside the device’s network. Because it is a direct and straightforward exploitation path, the risk remains significant for any exposed router.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-823X

affected

Version	Status	Constraints
`250416`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
D-link	Dir-823x	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update from D-Link that addresses the DDNS command injection issue
If a patch is not yet available, disable the DDNS service or block the /goform/set_ddns endpoint using firewall rules to limit access to trusted management IPs
Continuously monitor device logs and network traffic for abnormal command injection attempts and maintain proper network segmentation to isolate the router from critical infrastructure

Generated by OpenCVE AI on April 17, 2026 at 21:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00115.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/master-abc/cve/issues/25
https://vuldb.com/?ctiid.344778
https://vuldb.com/?id.344778
https://vuldb.com/?submit.747492
https://www.dlink.com/

History

Tue, 10 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-823x Dlink dir-823x Firmware
CPEs		cpe:2.3:h:dlink:dir-823x:-:::::::* cpe:2.3:o:dlink:dir-823x_firmware:250416:::::::*
Vendors & Products		Dlink Dlink dir-823x Dlink dir-823x Firmware

Mon, 09 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-823x
Vendors & Products		D-link D-link dir-823x

Sun, 08 Feb 2026 08:45:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Title		D-Link DIR-823X DDNS Service set_ddns os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/master-abc/cve/issues/25 https://vuldb.com/?ctiid.344778 https://vuldb.com/?id.344778 https://vuldb.com/?submit.747492 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-823x

Dlink Dir-823x Dir-823x Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-08T08:32:07.565Z

Updated: 2026-02-23T09:40:02.788Z

Reserved: 2026-02-06T21:09:42.389Z

Link: CVE-2026-2143

Vulnrichment

Updated: 2026-02-10T21:18:18.943Z

NVD

Status : Analyzed

Published: 2026-02-08T09:15:51.690

Modified: 2026-02-10T14:57:46.200

Link: CVE-2026-2143

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T22:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object