CVE-2026-2143
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Analysis
Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all D-Link DIR-823X devices in production environments and isolate affected units from critical network segments if possible. Within 7 days: Implement network-based mitigations (WAF rules blocking /goform/set_ddns requests, network segmentation to restrict DDNS service access, disable DDNS if not operationally required) and monitor for exploitation attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today