Skip to main content

Dir 815 Firmware CVE-2023-51123

CRITICAL
OS Command Injection (CWE-78)
2024-01-10 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
PoC Detected
Jun 20, 2025 - 16:15 vuln.today
Public exploit code
CVE Published
Jan 10, 2024 - 22:15 nvd
CRITICAL 9.8

DescriptionCVE.org

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.

AnalysisAI

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. Affected products include: Dlink Dir-815 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2018-25115 CRITICAL POC
10.0 Aug 27

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware

CVE-2024-22651 CRITICAL POC
9.8 Jan 24

There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmwa

CVE-2018-10106 CRITICAL POC
9.8 Apr 16

D-Link DIR-815 REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication re

CVE-2025-6328 HIGH POC
8.8 Jun 20

A critical stack-based buffer overflow vulnerability exists in D-Link DIR-815 firmware version 1.01 within the hedwig.cg

CVE-2020-25786 MEDIUM POC
6.1 Sep 19

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.

CVE-2018-10108 MEDIUM POC
6.1 Apr 16

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication requ

CVE-2018-10107 MEDIUM POC
6.1 Apr 16

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication requ

CVE-2024-0717 MEDIUM POC
5.3 Jan 19

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI

CVE-2023-37758 HIGH
7.5 Jul 18

D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. Rated high severity

Share

CVE-2023-51123 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy