CVE-2025-11092

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416

Description A flaw exists in the D-Link DIR-823X, specifically within the sub 412E7C function located in the /goform/set switch settings file. Manipulation of the port argument can lead to command injection. This issue can be exploited remotely. The exploit is publicly available.

Recommendations Apply updates to address the flaw in the sub 412E7C function of the /goform/set switch settings file. As a temporary workaround, restrict access to the /goform/set switch settings file to minimize the risk of exploitation. Avoid using the port parameter in the affected function until the issue is resolved.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

BDU:2025-12539

CVE-2025-11092

Affected Products

D-Link Dir-823G

CVE-2025-11092

Weakness Enumeration

Related Identifiers

Affected Products

References · 12