CVE-2026-2142
7.2 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A vulnerability in certain D-Link routers allows remote attackers to inject and execute operating system commands on the device. This is a serious flaw because it can give an attacker full control over the router.
Who is affected
Users of the D-Link DIR-823X router with firmware version 250416 are affected. An attacker could take over the device, steal data, or use it to attack other devices on the network.
Recommended fix
Immediately check the D-Link support website for a firmware update that addresses this issue. If no patch is available, consider disabling remote administration and restricting access to the router's web interface.
Technical Description
A weakness has been identified in D-Link DIR-823X firmware 250416. It affects the function sub_420688 in /goform/set_qos. Manipulated input can lead to OS command injection. The attack can be carried out remotely. An exploit has been made publicly available and could be used for attacks.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78, CWE-77