CVE-2026-2155 - Vulnerability Details

- D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection

Description

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Published: 2026-02-08

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in the /goform/set_dmz endpoint of the D‑Link DIR‑823X firmware, where an attacker can manipulate the dmz_host and dmz_enable parameters to execute arbitrary OS commands. This remote command injection allows an adversary to gain full control over the router, compromising confidentiality, integrity, and availability. The vulnerability is a classic case of OS command injection identified by CWE‑77 and CWE‑78.

Affected Systems

D‑Link DIR‑823X routers running firmware version 250416 are affected. No other firmware revisions are known to be vulnerable from the data provided.

Risk and Exploitability

The vulnerability has a CVSS score of 8.6, indicating high severity, but its EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The vulnerability has not been listed in CISA’s KEV catalog, and no official fix or workaround has yet been announced by D‑Link. The attack can be performed remotely via the public web interface, requiring only that the attacker reach the router’s /goform/set_dmz endpoint. The existence of a publicly released exploit increases the risk to any device still running the vulnerable firmware.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-823X

affected

Version	Status	Constraints
`250416`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
D-link	Dir-823x	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update released by D‑Link for the DIR‑823X that addresses the command‑injection issue.
If a newer firmware is unavailable, remove or disable the DMZ function in the router’s configuration or prevent external access to the web interface that provides the /goform/set_dmz endpoint.
Restrict access to the router’s administration interface to trusted local hosts or narrow the firewall rules to block external IP ranges.
Ensure that any user‑supplied string used in configuration forms is properly validated and sanitized on the server side to avoid OS command injection.

Generated by OpenCVE AI on April 17, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00555.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/master-abc/cve/issues/32
https://vuldb.com/?ctiid.344857
https://vuldb.com/?id.344857
https://vuldb.com/?submit.748236
https://vuldb.com/?submit.750038
https://www.dlink.com/

History

Wed, 11 Feb 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-823x Dlink dir-823x Firmware
CPEs		cpe:2.3:h:dlink:dir-823x:-:::::::* cpe:2.3:o:dlink:dir-823x_firmware:250416:::::::*
Vendors & Products		Dlink Dlink dir-823x Dlink dir-823x Firmware

Mon, 09 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-823x
Vendors & Products		D-link D-link dir-823x

Sun, 08 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Title		D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/master-abc/cve/issues/32 https://vuldb.com/?ctiid.344857 https://vuldb.com/?id.344857 https://vuldb.com/?submit.748236 https://vuldb.com/?submit.750038 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-823x

Dlink Dir-823x Dir-823x Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-08T14:02:08.815Z

Updated: 2026-02-23T09:42:37.097Z

Reserved: 2026-02-07T08:26:16.969Z

Link: CVE-2026-2155

Vulnrichment

Updated: 2026-02-09T19:09:12.257Z

NVD

Status : Analyzed

Published: 2026-02-08T14:16:26.027

Modified: 2026-02-11T18:44:51.503

Link: CVE-2026-2155

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T22:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object