CNNVD-202509-1442 Information
CNNVD ID
CNNVD-202509-1442
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
D-Link DIR-823X是中国友讯(D-Link)公司的一款无线路由器。 D-Link DIR-823X 250416及之前版本存在命令注入漏洞,该漏洞源于对文件/goform/set_static_leases中函数sub_415028的参数Hostname的错误操作导致命令注入。
Description (English)
D-Link DIR-823X is a wireless router of D-Link. There is a command-injecting loophole in D-Link DIR-823X 250416 and earlier versions, which results from an error in the command-injection of Hostname, the parameter of function sub 415028 in document/goform/set static leases.
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
D3D
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/lin-3-start/lin-cve/blob/main/DIR-823X/D-Link%20DIR-823X%20routers%20have%20an%20unauthorized%20command%20execution%20vulnerability.md https://github.com/lin-3-start/lin-cve/blob/main/DIR-823X/D-Link%20DIR-823X%20routers%20have%20an%20unauthorized%20command%20execution%20vulnerability.md#poc https://vuldb.com/?ctiid.323093 https://vuldb.com/?id.323093 https://vuldb.com/?submit.645712 https://www.dlink.com/
Share on: