Dlink Dir-823 Pro Firmware vulnerabilities

8 known vulnerabilities affecting dlink/dir-823_pro_firmware.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL7MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-45729MEDIUMCVSS 6.3v1.0.22025-06-27
CVE-2025-45729 [MEDIUM] CWE-284 CVE-2025-45729: D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services.
nvd
CVE-2022-28573CRITICALCVSS 9.8v1.0.22022-05-02
CVE-2022-28573 [CRITICAL] CWE-78 CVE-2022-28573: D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the functio D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.
nvd
CVE-2021-46453CRITICALCVSS 9.8≤ 1.0.22022-02-04
CVE-2021-46453 [CRITICAL] CWE-77 CVE-2021-46453: D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter.
nvd
CVE-2021-46456CRITICALCVSS 9.8≤ 1.0.22022-02-04
CVE-2021-46456 [CRITICAL] CWE-77 CVE-2021-46456: D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter.
nvd
CVE-2021-46452CRITICALCVSS 9.8≤ 1.0.22022-02-04
CVE-2021-46452 [CRITICAL] CWE-77 CVE-2021-46452: D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters.
nvd
CVE-2021-46457CRITICALCVSS 9.8≤ 1.0.22022-02-04
CVE-2021-46457 [CRITICAL] CWE-77 CVE-2021-46457: D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter.
nvd
CVE-2021-46455CRITICALCVSS 9.8≤ 1.0.22022-02-04
CVE-2021-46455 [CRITICAL] CWE-77 CVE-2021-46455: D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.
nvd
CVE-2021-46454CRITICALCVSS 9.8≤ 1.0.22022-02-04
CVE-2021-46454 [CRITICAL] CWE-77 CVE-2021-46454: D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter.
nvd