CVE-2025-11097
BaseFortify
Publication date: 2025-09-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-823x_firmware | 250416 |
| dlink | dir-823x | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11097 is a command injection vulnerability in the D-Link DIR-823X router (version 250416). It occurs in the /goform/set_device_name endpoint, specifically in the handling of the 'mac' parameter. Because this input is not properly sanitized, an attacker can inject arbitrary commands remotely without authentication. This allows the attacker to execute commands on the device, potentially compromising its confidentiality, integrity, and availability. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a remote attacker to execute arbitrary commands on the affected router without needing authentication. This can lead to full compromise of the device, including unauthorized access to sensitive information, disruption of device functionality, and potential use of the device as a foothold for further attacks within a network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring network traffic for HTTP requests to the /goform/set_device_name endpoint containing suspicious or malformed 'mac' parameter values that may indicate command injection attempts. Additionally, reviewing device logs for unusual command execution or unexpected behavior may help identify exploitation. Specific commands are not provided in the resources, but using network monitoring tools like tcpdump or Wireshark to filter for requests to /goform/set_device_name, or using curl to test the endpoint with benign and crafted inputs, could assist in detection. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. The recommended immediate step is to replace the affected D-Link DIR-823X device with an alternative product to avoid exploitation. [1]