Neptune111

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the `uci set` function within the /goform/set wifi blacklists file. This allows for remote command injection through manipulation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A command injection issue exists in D-Link DIR-823X version 250416. The issue is located in the file `/goform/delete offline device`. Manipulation of the `delvalue` argument can lead to command injection. Remote exploitation is possible. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the processing of the `/goform/diag traceroute` file within D-Link DIR-823X version 250416. Manipulation of the `target addr` argument can lead to command injection, allowing for remote execution. The exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in D-Link DIR-823X 250416 that allows remote command injection. The issue is located in an unknown function of the file `/goform/set device name`. Manipulating the `mac` argument can trigger the flaw. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in D-Link DIR-823X firmware version 250416 that allows for remote command injection. The issue is located in an unknown function within the `/goform/set wifi blacklists` file. Manipulation of the `macList` argument can lead to command execution. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823X version 250416 **Description** A flaw exists in the D-Link DIR-823X router. Specifically, manipulating the `delvalue` argument within the `uci del` function in the /goform/delete prohibiting file can lead to command injection. This allows for remote initiation of the attack. The exploit has been publicly disclosed. **Recommendations** Apply a firmware update that addresses the vulnerability in the `uci del` function of the /goform/delete prohibiting file. As a temporary workaround, restrict access to the /goform/delete prohibiting file.