CVE-2026-1544 — Command Injection in D-link Dir-823x

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 90.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-823x Dlink Dir-823x Firmware

Timeline

PublishedJan 28

Latest updateJan 29

Description

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-823x250416

▶NVDdlink/dir-823x_firmware250416

🔴Vulnerability Details

GHSA

GHSA-4gx6-36jg-p3wm: A security flaw has been discovered in D-Link DIR-823X 250416↗2026-01-29

▶

CVEList

D-Link DIR-823X set_mode sub_41E2A0 os command injection↗2026-01-28

▶