Skip to main content

Dir 820L Firmware CVE-2023-25280

CRITICAL
OS Command Injection (CWE-78)
2023-03-16 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Mar 16, 2023 - 01:15 nvd
CRITICAL 9.8

DescriptionNVD

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

AnalysisAI

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Affected products include: Dlink Dir-820L Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2022-26258 CRITICAL POC
9.8 Mar 28

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set

CVE-2023-44809 CRITICAL POC
9.8 Oct 16

D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-44808 CRITICAL POC
9.8 Oct 16

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. Rated critical severity (CVSS 9.8

CVE-2023-44807 CRITICAL POC
9.8 Oct 06

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. Rated critical severity (CVSS 9.8

CVE-2023-25279 CRITICAL POC
9.8 Mar 13

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a cr

CVE-2024-51186 HIGH POC
8.0 Nov 11

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr paramete

CVE-2023-25281 HIGH POC
7.5 Mar 16

A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a d

CVE-2023-25283 HIGH POC
7.5 Mar 13

A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserv

CVE-2022-34973 HIGH POC
7.5 Aug 03

D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. Rated high

CVE-2023-25282 MEDIUM POC
6.5 Mar 15

A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.

CVE-2024-48150 CRITICAL
9.8 Oct 14

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. Rated critical severity (CVSS 9.8

Share

CVE-2023-25280 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy