CVE-2026-2175 - Vulnerability Details

- D-Link DIR-823X set_upnp sub_420618 os command injection

Description

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Published: 2026-02-08

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the sub_420618 routine that processes the upnp_enable argument in the /goform/set_upnp endpoint of the firmware. By inserting malicious payloads into that argument, an attacker can force the device to execute arbitrary OS commands on the router. Only the web interface is required to trigger the flaw, so remote attackers can retrieve or modify the device configuration, install malware, or pivot to downstream network hosts. The weakness is an example of operating system command injection, which affects data confidentiality, integrity, and availability.

Affected Systems

Affected devices are the D-Link DIR-823X routers carrying the 250416 firmware build. The flaw has not been reported in other DIR-823X revisions or other D-Link products. There is no publicly known workaround from D-Link; the fix is expected in a future firmware update.

Risk and Exploitability

The flaw carries a CVSS v3 base score of 8.6, a very high severity rating, and an EPSS of less than 1 %, indicating it is not widely exploited yet. It is not listed in the CISA KEV catalog. The attack vector is network-based; an unauthenticated attacker who can reach the router's web administration portal can send crafted POST or GET requests to /goform/set_upnp with a malicious upnp_enable value to trigger command execution. Because it does not require privileged credentials, it presents a low barrier to exploitation for any host that can reach the router.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-823X

affected

Version	Status	Constraints
`250416`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
D-link	Dir-823x	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the DIR-823X firmware to a version that includes the command‑injection fix released by D-Link.
If a patch is unavailable, disable UPnP and all related services in the router’s settings to eliminate the vulnerable endpoint.
Restrict external access to the router’s web interface to trusted internal networks or VPN links, and block unsolicited traffic to the management ports with a firewall.
Apply network segmentation and monitoring to detect anomalous traffic originating from or targeting the router’s configuration interface.

Generated by OpenCVE AI on April 17, 2026 at 21:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00653.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/master-abc/cve/issues/31
https://vuldb.com/?ctiid.344876
https://vuldb.com/?id.344876
https://vuldb.com/?submit.749263
https://www.dlink.com/

History

Wed, 11 Feb 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-823x Dlink dir-823x Firmware
CPEs		cpe:2.3:h:dlink:dir-823x:-:::::::* cpe:2.3:o:dlink:dir-823x_firmware:250416:::::::*
Vendors & Products		Dlink Dlink dir-823x Dlink dir-823x Firmware

Mon, 09 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-823x
Vendors & Products		D-link D-link dir-823x

Sun, 08 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Title		D-Link DIR-823X set_upnp sub_420618 os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/master-abc/cve/issues/31 https://vuldb.com/?ctiid.344876 https://vuldb.com/?id.344876 https://vuldb.com/?submit.749263 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-823x

Dlink Dir-823x Dir-823x Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-08T18:32:13.041Z

Updated: 2026-02-23T09:47:04.714Z

Reserved: 2026-02-07T14:58:50.060Z

Link: CVE-2026-2175

Vulnrichment

Updated: 2026-02-09T17:45:52.265Z

NVD

Status : Analyzed

Published: 2026-02-08T19:16:21.773

Modified: 2026-02-11T18:38:16.813

Link: CVE-2026-2175

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T22:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object