D-Link DIR-823X Command Injection Vulnerability in HTTP POST Request Handler

Vulnerability

A critical command injection vulnerability has been identified in the D-Link DIR-823X router, specifically in firmware versions 240126 and 240802. The issue arises in the HTTP POST request handler for the 'diag_nslookup' form, where the 'target_addr' parameter can be manipulated to execute arbitrary operating system commands. This vulnerability can be exploited remotely, but requires authentication.

Impact

Successful exploitation allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send an authenticated POST request to the '/goform/diag_nslookup' endpoint. Include a payload in the 'target_addr' parameter that exploits the command injection vulnerability. This can be done using a tool like Burp Suite or by crafting a custom script that sends the appropriate HTTP request.
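On the defensive side, the fix for this class of bug is to validate 'target_addr' against a strict allowlist before it reaches any command. The following is an added example, not D-Link firmware code and not part of the original advisory; the function name is hypothetical, and it assumes the handler only ever needs a hostname or IPv4 address.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not D-Link firmware code. */
static int is_ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Returns 1 only if s is a plain hostname or dotted IPv4 literal.
 * Allowlisting [A-Za-z0-9.-] excludes whitespace and every shell
 * metacharacter; refusing a leading '-' in any label also stops the
 * value from being read as a command-line option. */
int is_safe_lookup_target(const char *s)
{
    size_t len, i, label_len = 0;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > 253)              /* DNS name length limit */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label_len == 0 || s[i - 1] == '-')
                return 0;                   /* empty label or "foo-." */
            label_len = 0;
        } else if (is_ascii_alnum(c) || (c == '-' && label_len > 0)) {
            if (++label_len > 63)           /* DNS label length limit */
                return 0;
        } else {
            return 0;                       /* anything off the allowlist */
        }
    }
    return s[len - 1] != '-';               /* no trailing hyphen */
}

int main(void)
{
    /* Constructed sample values for target_addr. */
    const char *samples[] = { "example.com", "192.168.0.1", "-x", "a b" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %s\n", samples[i],
               is_safe_lookup_target(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A value that passes should still be handed to the lookup program as a single argv element (execv-style) rather than formatted into a shell command string.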

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.