CVE-2025-11097
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11097
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dir-823x_firmware 250416
dlink dir-823x *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11097 is a command injection vulnerability in the D-Link DIR-823X router (version 250416). It occurs in the /goform/set_device_name endpoint, specifically in the handling of the 'mac' parameter. Because this input is not properly sanitized, an attacker can inject arbitrary commands remotely without authentication. This allows the attacker to execute commands on the device, potentially compromising its confidentiality, integrity, and availability. [1, 2]

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary commands on the affected router without needing authentication. This can lead to full compromise of the device, including unauthorized access to sensitive information, disruption of device functionality, and potential use of the device as a foothold for further attacks within a network. [1, 2]

Detection Guidance

Detection can be performed by monitoring network traffic for HTTP requests to the /goform/set_device_name endpoint containing suspicious or malformed 'mac' parameter values that may indicate command injection attempts. Additionally, reviewing device logs for unusual command execution or unexpected behavior may help identify exploitation. Specific commands are not provided in the resources, but using network monitoring tools like tcpdump or Wireshark to filter for requests to /goform/set_device_name, or using curl to test the endpoint with benign and crafted inputs, could assist in detection. [1, 2]

Mitigation Strategies

No known countermeasures or mitigations have been identified for this vulnerability. The recommended immediate step is to replace the affected D-Link DIR-823X device with an alternative product to avoid exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11097. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart