CVE-2026-4193
Awaiting Analysis Awaiting Analysis - Queue
Improper Access Control in D-Link goahead Component Allows Remote Exploit

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4193
EUVD
EUVD-2026-12257
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-823g_firmware 1.0.2b05
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4193 is a security vulnerability in the D-Link DIR-823G router firmware version 1.0.2B05, specifically in the goahead web server component. It involves improper access control and incorrect privilege assignments that allow an unauthenticated attacker to access multiple sensitive management interfaces without any authentication.

These interfaces include functions such as GetDDNSSettings, GetDeviceDomainName, GetDeviceSettings, GetDMZSettings, GetFirewallSettings, GetGuestNetworkSettings, GetLanWanConflictInfo, GetLocalMacAddress, GetNetworkSettings, GetQoSSettings, GetRouterInformationSettings, GetRouterLanSettings, GetWanSettings, and several Set* functions that modify device and network configurations.

Exploitation of this vulnerability allows attackers to retrieve sensitive device and network configuration information and to modify critical router settings without authorization. The vulnerability is remotely exploitable without any authentication and affects devices that are no longer supported by the vendor.

Impact Analysis

This vulnerability can have significant impacts on the confidentiality, integrity, and availability of your network and device.

  • Unauthorized attackers can retrieve sensitive network and device configuration information, including internal network topology, WAN and LAN settings, firewall and DMZ configurations, guest network settings, wireless security parameters, and system status.
  • Attackers can modify critical router settings such as firewall rules, network settings, wireless security configurations, access control lists, and other device parameters, potentially compromising device security and network integrity.
  • The exposure and manipulation of these settings facilitate further malicious activities including unauthorized wireless access, lateral movement within the local network, traffic interception, and targeted exploitation of other vulnerable services.

Since the affected product is no longer supported, no vendor patches are available, increasing the risk of exploitation.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves unauthorized access to multiple management interfaces on the D-Link DIR-823G router firmware 1.0.2B05, which can be detected by attempting to access these interfaces without authentication.'}, {'type': 'paragraph', 'content': 'To detect the vulnerability on your network or system, you can try to query the affected interfaces remotely to see if they respond without requiring authentication. Interfaces include GetNetworkSettings, GetWanSettings, GetRouterLanSettings, GetFirewallSettings, GetDMZSettings, GetQoSSettings, GetDDNSSettings, SetDeviceSettings, SetRouterLanSettings, SetIPv4FirewallSettings, SetNetworkSettings, SetStaticClientInfo, SetStaticRouteSettings, SetAccessCtlList, SetAccessCtlSwitch, SetGuestWLanSettings, SetWPSSettings, UpdateClientInfo, and others.'}, {'type': 'paragraph', 'content': "Suggested commands involve sending HTTP requests to the router's management interface endpoints corresponding to these functions and checking if they return data or allow configuration changes without authentication."}, {'type': 'list_item', 'content': 'Use curl or similar tools to send GET or POST requests to URLs like http://<router-ip>/goahead/GetNetworkSettings or http://<router-ip>/goahead/SetDeviceSettings and observe if responses are returned without authentication.'}, {'type': 'list_item', 'content': 'Example command: curl -v http://<router-ip>/goahead/GetNetworkSettings'}, {'type': 'list_item', 'content': "Example command: curl -X POST http://<router-ip>/goahead/SetDeviceSettings -d '<payload>' to test if settings can be modified without authentication."}, {'type': 'paragraph', 'content': 'If these requests succeed without authentication, the device is vulnerable.'}] [1, 2, 3, 4, 6, 7, 8, 9]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Since the affected D-Link DIR-823G router firmware 1.0.2B05 is no longer supported by the vendor and no patches are available, immediate mitigation steps focus on limiting exposure and reducing attack surface.'}, {'type': 'list_item', 'content': "Implement restrictive firewall rules to block external and unauthorized internal access to the router's management interfaces."}, {'type': 'list_item', 'content': 'Disable remote management features on the router if enabled, to prevent remote exploitation.'}, {'type': 'list_item', 'content': "Restrict access to the router's web management interface to trusted IP addresses only."}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious requests targeting the vulnerable interfaces.'}, {'type': 'list_item', 'content': 'Consider replacing the affected device with a supported router model that receives security updates.'}] [6]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4193. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart