D-Link Dir-823X vulnerabilities

CVE-2025-11092 [MEDIUM] CWE-74 CVE-2025-11092: A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

CVE-2025-11099 [MEDIUM] CWE-74 CVE-2025-11099: A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_d A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-11095 [MEDIUM] CWE-74 CVE-2025-11095: A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of t A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVE-2025-11098 [MEDIUM] CWE-74 CVE-2025-11098: A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVE-2025-10814 [MEDIUM] CWE-74 CVE-2025-10814: A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerabili A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-10634 [MEDIUM] CWE-74 CVE-2025-10634: A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The attack can be initiated remotely. The exploit has been m

CVE-2025-10401 [MEDIUM] CWE-74 CVE-2025-10401: A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown fun A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVE-2025-10123 [MEDIUM] CWE-74 CVE-2025-10123: A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is th A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-2717 [MEDIUM] CWE-77 CVE-2025-2717: A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been

CVE-2025-1103 [HIGH] CWE-404 CVE-2025-1103: A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. Th A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The

CVE-2025-0492 [HIGH] CWE-404 CVE-2025-0492: A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.