D-Link DIR-823-Pro
Easy fix1 remedy
cpe:2.3:h:dlink:dir-823_pro:*:*:*:*:*:*:*, +1 more
Easy fix1 remedy
D-Link DIR-823-Pro Improper Permission Control Allowing Unauthorized Telnet Access
Vulnerability
A vulnerability exists in the D-Link DIR-823-Pro router, specifically in version 1.02, due to improper permission control. This flaw allows unauthorized users to enable and access Telnet services on the device. The vulnerability can be exploited remotely by sending a request to the router that activates the Telnet service, thereby providing access to the device's command line interface.
Impact
Exploitation of this vulnerability allows for unauthorized remote access to the router's Telnet interface, where further commands can be executed on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the router's HNAP1 endpoint. The request must include a 'SOAPACTION' header that specifies the 'SetTelnetSettings' action. The JSON payload should indicate that Telnet is to be enabled. Once the request is processed, Telnet access will be granted on the router.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
7.5exploitability
9.1remediation
8.3relevance
0.2threat
6.4urgency
2.9incentive
9.2Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.