OS Command Injection in D-Link DIR-823X Products
CVE-2025-2717

5.1MEDIUM

Key Information:

Vendor

D-link

Status
Vendor
CVE Published:
25 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2717?

A security vulnerability has been identified in D-Link DIR-823X devices, specifically impacting the HTTP POST Request Handler. This issue arises from improper handling of input in the 'diag_nslookup' function, allowing for potential OS command injection. Attackers can manipulate the 'target_addr' argument to execute arbitrary commands on the device, which may lead to unauthorized access. Given that this vulnerability can be exploited remotely, it poses significant risks to network security.

Affected Version(s)

DIR-823X 240126

DIR-823X 240802

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

.
CVE-2025-2717 : OS Command Injection in D-Link DIR-823X Products