OS Command Injection in D-Link DIR-823X Products
CVE-2025-2717

5.1MEDIUM

Key Information:

Vendor

D-link
Status
Dir-823x
Vendor
CVE Published:
25 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2717?

A security vulnerability has been identified in D-Link DIR-823X devices, specifically impacting the HTTP POST Request Handler. This issue arises from improper handling of input in the 'diag_nslookup' function, allowing for potential OS command injection. Attackers can manipulate the 'target_addr' argument to execute arbitrary commands on the device, which may lead to unauthorized access. Given that this vulnerability can be exploited remotely, it poses significant risks to network security.

Affected Version(s)

DIR-823X 240126

DIR-823X 240802

References

https://vuldb.com/?id.300737
vdb-entrytechnical-description
https://vuldb.com/?ctiid.300737
signaturepermissions-required
https://vuldb.com/?submit.517958
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

JSON
.