Is D-Link affected by EUVD-2026-12257?

D-Link DIR-823G routers running version 1.0.2B05 contain a critical access control vulnerability affecting multiple administrative functions, enabling unauthorized remote configuration changes.

EUVD-2026-12257

| CVE-2026-4193 MEDIUM

2026-03-16 [email protected]

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 14:30 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 14:30 euvd

EUVD-2026-12257

CVE Published

Mar 16, 2026 - 14:20 nvd

MEDIUM 6.9

Description

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

Improper access control in D-Link DIR-823G 1.0.2B05's goahead component allows unauthenticated remote attackers to manipulate multiple configuration functions including firewall, network, and security settings. The vulnerability affects a wide range of device management functions and has been publicly disclosed with no patch currently available. …

Remediation

Within 24 hours: Inventory all DIR-823G 1.0.2B05 devices and isolate them from production networks if possible; enable enhanced logging on affected devices. Within 7 days: Implement network segmentation to restrict administrative access to these routers; deploy WAF rules to block suspicious requests to vulnerable endpoints; consider disabling remote management capabilities. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +34

POC: 0

EUVD-2026-12257 vulnerability details – vuln.today

Back

EUVD-2026-12257

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12257

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code