CVE-2026-2143
7.2 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A critical vulnerability in certain D-Link routers allows attackers to remotely inject malicious commands into the device's dynamic DNS (DDNS) settings. This is a serious flaw because it can be exploited over the internet with little effort.
Who is affected
Users of the D-Link DIR-823X router with firmware version 250416 are affected. An attacker could take full control of the router, steal credentials, or use it to attack other devices on the network.
Recommended fix
Immediately check the D-Link support website for a firmware update that addresses this issue. If no patch is available, disable the DDNS service in the router's web interface as a temporary workaround.
Technical Description
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-78, CWE-77