Volerion logoVolerion
Volerion logoVolerion

D-Link DIR-823 Remote Code Execution Vulnerability via Command Injection in Password Settings

Vulnerability

A remote code execution vulnerability has been identified in the D-Link DIR-823 router, specifically in the firmware version 20250416. The issue arises in the set_password interface, where the http_passwd parameter is not properly sanitized. This lack of filtering allows for the injection of reverse connection commands, enabling unauthorized execution of arbitrary commands on the device.

Impact

Exploitation of this vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with root privileges on the affected device.

Reproduction

To reproduce this vulnerability, log into the router's web interface and navigate to the password settings. The old password must be set to 'admin', which is hardcoded as the default. Once the old password is accepted, the http_passwd parameter can be manipulated to inject commands that will be executed on the router's operating system.

Added: Sep 26, 2025, 5:18 PM
Updated: Sep 26, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread
4.2
impact
7.5
exploitability
6.5
remediation
0.0
relevance
0.6
threat
1.6
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.