D-Link DIR-823G DDNS Service Improper Authorization Vulnerability

Vulnerability

A critical vulnerability has been identified in the D-Link DIR-823G router, specifically in version 1.0.2B05_20181207. The issue arises in the DDNS Service component, within the SetDDNSSettings function of the /HNAP1/ file. The vulnerability is caused by improper authorization related to the SOAPAction argument, allowing for remote exploitation. This issue affects products that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for improper authorization, potentially leading to unauthorized access or actions within the DDNS service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-823G DDNS Service Improper Authorization Vulnerability

Vulnerability

Impact

Affected Products

D-Link DIR-823G

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating