CVE-2025-11097

CWE-74CWE-77Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 77.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dir-823xDlink Dir-823x Firmware
Timeline
PublishedSep 28

Description

A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dir-823x250416

🔴Vulnerability Details

2
CVEList
D-Link DIR-823X set_device_name command injection2025-09-28
GHSA
GHSA-2xv2-rwrw-35gw: A vulnerability has been found in D-Link DIR-823X 2504162025-09-28
CVE-2025-11097 (MEDIUM CVSS 5.3) | A vulnerability has been found in D | cvebase.io