D-Link DIR-823X Command Injection Vulnerability in goahead Utility

A command injection vulnerability has been identified in the D-Link DIR-823X router, specifically in the versions 240126, 240802, and 250416. The issue arises in the file '/usr/sbin/goahead', where input parameters are not properly validated, allowing attackers to manipulate the 'port' argument and execute arbitrary commands on the device. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for remote command execution on the affected device.

Reproduction

To reproduce this vulnerability, log into the router and navigate to the 'set_server_settings' function. The command injection can be achieved by sending a crafted request that includes the 'port' parameter with injected command payloads. After the request is processed, the injected commands will be executed on the router's operating system.