VulnCheck KEV: CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...

CVE-2026-6135

A weakness has been identified in Tenda F451 1.0.0.7cnsvn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made...

EUVD-2026-12371

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4228 LB-LINK BL-WR9000 set_wifi sub_458754 command injection

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

PT-2026-25638

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub 458754 of the file /goform/set wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about...

CVE-2026-2129

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

PT-2026-7046

A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub 4211C8 of the file /goform/set filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVE-2026-2081

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2026-2143 D-Link DIR-823X DDNS Service set_ddns os command injection

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

CVE-2026-2143

CVE-2026-2143 affects D-Link DIR-823X (firmware 250416), targeting the DDNS Service. The vulnerability stems from improper handling of parameters in the /goform/set_ddns file (ddnsType, ddnsDomainName, ddnsUserName, ddnsPwd) enabling remote OS command injection. The issue enables remote execution...

CVE-2026-2142

CVE-2026-2142 concerns D-Link DIR-823X firmware (build 250416). The vulnerability affects the function sub_420688 in /goform/set_qos, allowing remote OS command injection via manipulation of that function. Public exploit code is available, enabling remote attacks with high impact on confidentiali...

EUVD-2026-5819

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

PT-2026-7007

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A weakness exists in D-Link DIR-823X version 250416 related to command injection. The issue affects the sub 420618 function within the /goform/set upnp file. Manipulation of the upnp enable argument c...

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

PT-2026-6900

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X 250416 that allows remote attackers to execute operating system commands. This is achieved by manipulating the mac argument within the /goform/set mac clone file throu...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “langSelection” in the file “goform/setlanguage”, which...

PT-2026-6902

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A weakness exists in D-Link DIR-823X version 250416. A manipulation of the langSelection argument in the file /goform/set language can lead to os command injection. The attack can be launched remotely...

CVE-2026-2061

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub424D20 of the file /goform/setipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...