Dlink Dir-823G Firmware vulnerabilities

CVE-2026-4193 [MEDIUM] CWE-266 CVE-2026-4193: A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanS

CVE-2025-60675 [MEDIUM] CWE-77 CVE-2025-60675: A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20 A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() witho

CVE-2025-60671 [MEDIUM] CWE-77 CVE-2025-60671: A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20 A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before

CVE-2025-60332 [HIGH] CWE-476 CVE-2025-60332: A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allo A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2025-60331 [HIGH] CWE-121 CVE-2025-60331: D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac para D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2025-2359 [MEDIUM] CWE-266 CVE-2025-2359: A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public a

CVE-2025-2360 [MEDIUM] CWE-266 CVE-2025-2360: A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by t A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the

CVE-2024-13030 [MEDIUM] CWE-266 CVE-2024-13030: A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to imp

CVE-2024-51024 [HIGH] CWE-78 CVE-2024-51024: D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostNam D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVE-2024-51023 [HIGH] CWE-78 CVE-2024-51023: D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVE-2024-44408 [HIGH] CWE-862 CVE-2024-44408: D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauth D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.

CVE-2024-33345 [MEDIUM] CWE-476 CVE-2024-33345: D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2024-27657 [HIGH] CWE-121 CVE-2024-27657: D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.

CVE-2024-27656 [HIGH] CWE-121 CVE-2024-27656: D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. Th D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.

CVE-2024-27655 [HIGH] CWE-121 CVE-2024-27655: D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.

CVE-2024-27661 [MEDIUM] CWE-395 CVE-2024-27661: D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Thi D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2024-27658 [MEDIUM] CWE-395 CVE-2024-27658: D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Thi D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2024-27660 [MEDIUM] CWE-476 CVE-2024-27660: D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). T D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2024-27659 [MEDIUM] CWE-395 CVE-2024-27659: D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). Thi D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2024-27662 [MEDIUM] CWE-755 CVE-2024-27662: D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). T D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.