CVE-2025-2717

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X versions 240126/240802

Description A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the function sub 41710C of the file /goform/diag nslookup. The manipulation of the target addr argument leads to os command injection. This issue can be exploited remotely.

Recommendations For D-Link DIR-823X versions 240126/240802, as a temporary workaround, consider disabling the sub 41710C function until a patch is available. Restrict access to the /goform/diag nslookup file to minimize the risk of exploitation. Avoid using the target addr argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.