CVE-2026-1685
Unknown Unknown - Not Provided
Authentication Bypass in D-Link DIR-823X Login Component

Publication date: 2026-01-30

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1685
EUVD
EUVD-2026-5029
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-823x_firmware 250416
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

There are no known official countermeasures or patches available for this vulnerability. Immediate mitigation steps include considering replacement of the affected D-Link DIR-823X router, restricting remote access to the login interface if possible, and monitoring for brute-force attempts. Users should also ensure that default weak credentials are changed to strong passwords to reduce risk. [2, 3]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability affects the D-Link DIR-823X router (firmware version 250416) in its login authentication function sub_40AC74. It allows remote attackers to perform brute-force attacks by exploiting insufficient restrictions on excessive authentication attempts. The router lacks proper rate-limiting and anti-brute-force protections, enabling attackers to repeatedly try to guess login credentials without prior authentication. Although the attack is complex and exploitability is difficult, a public proof-of-concept exploit is available. [1, 2, 3]

Impact Analysis

This vulnerability can lead to unauthorized administrative access to the affected router by allowing attackers to perform brute-force login attempts remotely. This compromises the confidentiality of the device, potentially allowing attackers to control or manipulate the router. Since no known mitigations or patches exist, the risk remains until the device is replaced or secured by other means. [2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for automated brute-force login attempts targeting the /goform/login endpoint of the D-Link DIR-823X router firmware version 250416. Detection may involve analyzing logs for repeated failed authentication attempts or unusual traffic patterns to this endpoint. However, no specific detection commands or tools are provided in the available resources. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1685. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart