PT-2025-49423 · D Link · Dir-823

Panda_0X1 · Published 2025-12-08 · Updated 2026-03-09 · CVE-2025-14208

CVSS v2.0 · 6.5 · Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions up to 20250416

Description: A security flaw exists in D-Link DIR-823X up to version 20250416. The issue resides in the sub_415028 function within the /goform/set_wan_settings file. Manipulation of the ppp_username argument can lead to command injection. This allows for remote exploitation. The exploit has been publicly released.

Recommendations: Versions up to 20250416 should be updated. As a temporary workaround, restrict access to the /goform/set_wan_settings file. Avoid using the ppp_username parameter until the issue is resolved.

Exploit

Fix

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-14208

Affected Products

Dir-823