Command Injection Vulnerability in D-Link DIR-823X by D-Link
CVE-2025-10814
Key Information:
Badges
What is CVE-2025-10814?
A command injection vulnerability exists in D-Link DIR-823X models (240126, 240802, 250416) due to improper handling of user input in the file /usr/sbin/goahead. This flaw allows attackers to remotely execute arbitrary commands by manipulating the argument port. As this vulnerability has been publicly disclosed, it poses a significant security risk to affected devices, necessitating immediate attention to ensure network safety.
Affected Version(s)
DIR-823X 240126
DIR-823X 240802
DIR-823X 250416
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved