OS Command Injection in D-Link DIR-823X Products
CVE-2025-2717
5.1MEDIUM
What is CVE-2025-2717?
A security vulnerability has been identified in D-Link DIR-823X devices, specifically impacting the HTTP POST Request Handler. This issue arises from improper handling of input in the 'diag_nslookup' function, allowing for potential OS command injection. Attackers can manipulate the 'target_addr' argument to execute arbitrary commands on the device, which may lead to unauthorized access. Given that this vulnerability can be exploited remotely, it poses significant risks to network security.
Affected Version(s)
DIR-823X 240126
DIR-823X 240802