CVE-2026-2120
7.2 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A vulnerability in certain D-Link routers allows attackers to remotely inject malicious commands into the device's settings. This is a serious flaw because it lets attackers take control of the router without needing physical access.
Who is affected
Users of the D-Link DIR-823X router with firmware version 250416 are affected. An attacker could run any command on the device, potentially stealing data, hijacking internet traffic, or adding the router to a botnet.
Recommended fix
Immediately check the D-Link support website for a firmware update that addresses this issue and apply it. If no patch is available, consider disabling remote administration and restricting access to the router's web interface to trusted networks.
Technical Description
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-78, CWE-77