D-Link DIR-823G is an AC1200M dual-band gigabit wireless router.A command injection vulnerability exists in the HNAP1 protocol in D-Link DIR-823G version 1.0.2B05. An attacker can execute arbitrary Web scripts using shell meta characters in the Captcha field of the login section.