CVE-2026-2157 - Vulnerability Details

- D-Link DIR-823X set_static_route_table sub_4175CC os command injection

Description

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Published: 2026-02-08

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability exists in the D‑Link DIR‑823X router firmware version 250416 where manipulating the arguments of the /goform/set_static_route_table function allows an attacker to inject arbitrary operating‑system commands. The flaw derives from insufficient validation of the interface, destination address, netmask, gateway, and metric parameters. A remote user could exploit this issue. The CVE documentation does not specify whether authentication is required, so the authentication requirement remains uncertain.

Affected Systems

Affected systems are D‑Link DIR‑823X routers running firmware build 250416. No additional product or version information is provided beyond this specific firmware.

Risk and Exploitability

The CVSS base score of 8.6 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the current environment. The vulnerability is not listed in CISA’s KEV catalog. The attack vector is remote through the device’s web management interface. The CVE documentation does not clarify whether an authenticated session is required, so the authentication requirement remains uncertain. An attacker only needs to craft a malicious request to the /goform/set_static_route_table endpoint to trigger command execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-823X

affected

Version	Status	Constraints
`250416`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
D-link	Dir-823x	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest stable firmware from D‑Link for the DIR‑823X that includes the fix for this command injection.
Restrict external network access to the router’s administration interface by firewalling or placing the device behind a VPN, limiting it to trusted internal hosts.
If a firmware update is not immediately available, disable or block the /goform/set_static_route_table endpoint or any static routing configuration via the web interface to prevent exploitation.

Generated by OpenCVE AI on April 18, 2026 at 18:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00653.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/master-abc/cve/issues/28
https://vuldb.com/?ctiid.344859
https://vuldb.com/?id.344859
https://vuldb.com/?submit.748376
https://www.dlink.com/

History

Wed, 11 Feb 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-823x Dlink dir-823x Firmware
CPEs		cpe:2.3:h:dlink:dir-823x:-:::::::* cpe:2.3:o:dlink:dir-823x_firmware:250416:::::::*
Vendors & Products		Dlink Dlink dir-823x Dlink dir-823x Firmware

Mon, 09 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-823x
Vendors & Products		D-link D-link dir-823x

Sun, 08 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Title		D-Link DIR-823X set_static_route_table sub_4175CC os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/master-abc/cve/issues/28 https://vuldb.com/?ctiid.344859 https://vuldb.com/?id.344859 https://vuldb.com/?submit.748376 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-823x

Dlink Dir-823x Dir-823x Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-08T15:02:10.266Z

Updated: 2026-02-23T09:43:07.169Z

Reserved: 2026-02-07T08:29:31.876Z

Link: CVE-2026-2157

Vulnrichment

Updated: 2026-02-09T19:01:19.452Z

NVD

Status : Analyzed

Published: 2026-02-08T15:15:52.310

Modified: 2026-02-11T18:44:32.140

Link: CVE-2026-2157

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T18:30:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object