CVE-2026-2129
7.2 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A critical vulnerability in certain D-Link DIR-823X routers allows attackers to remotely inject malicious commands by sending specially crafted data to a specific web form. This matters because it lets attackers take full control of the device without needing any login credentials.
Who is affected
Owners of the affected D-Link DIR-823X router (firmware version 250416) are impacted. A successful attacker could run any command on the device, potentially stealing data, changing settings, or adding the router to a botnet.
Recommended fix
Immediately check the D-Link support website for a firmware update and install it. If no patch is available, disable remote administration (WAN access to the router's admin interface) as a temporary mitigation.
Technical Description
A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-78, CWE-77