Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

D-Link DIR-823X Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Exploited

A command injection vulnerability has been identified in the D-Link DIR-823X router, specifically in firmware versions 240126 and 240802. This vulnerability allows an authorized attacker to execute arbitrary commands on the device. The issue arises when a POST request is sent to the '/goform/set_prohibiting' endpoint, exploiting a function that triggers remote command execution.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, an authorized user must send a POST request to the '/goform/set_prohibiting' endpoint. This request should include payloads that exploit the command injection vulnerability, allowing the execution of arbitrary commands on the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Apr 24, 2026, 8:40 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

8.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

8.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

D-Link DIR-823X Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Impact

Reproduction

Affected Products

D-Link DIR-823X

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating