CVE-2025-10401
BaseFortify
Publication date: 2025-09-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-823x_firmware | to 250416 (inc) |
| dlink | dir-823x | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10401 is a command injection vulnerability in the D-Link DIR-823x router series up to firmware version 250416. It occurs in the /goform/diag_ping endpoint where the 'target_addr' parameter is improperly handled, allowing an attacker to inject arbitrary system commands remotely without authentication. This happens because the router constructs system commands using user-supplied input without properly neutralizing special characters, leading to potential unauthorized command execution on the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to execute arbitrary commands on your D-Link DIR-823x router without authentication. This can compromise the confidentiality, integrity, and availability of your device, potentially leading to unauthorized access, disruption of network services, or further exploitation of your network environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring or intercepting HTTP requests to the /goform/diag_ping endpoint on the D-Link DIR-823x router, specifically looking for suspicious or malformed 'target_addr' parameter values that may contain command injection payloads. Since the vulnerability involves command injection via the 'target_addr' parameter, you can use network traffic inspection tools like tcpdump or Wireshark to capture requests to this endpoint. Additionally, you can attempt to send controlled test requests to the /goform/diag_ping endpoint with benign payloads to see if the device executes commands unexpectedly. For example, using curl to send a request: curl -v 'http://<router-ip>/goform/diag_ping?target_addr=127.0.0.1' and then testing with payloads that include shell metacharacters to detect command injection behavior. However, no specific detection commands or signatures are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected D-Link DIR-823x router with an alternative device, as no known countermeasures or patches have been published. Since the vulnerability allows remote unauthenticated command injection, it is recommended to isolate the device from untrusted networks, disable remote management if possible, and monitor for suspicious activity. Applying network-level protections such as firewall rules to block access to the /goform/diag_ping endpoint or filtering suspicious requests may help reduce exposure until the device can be replaced. [1]