CVE-2026-4193
Improper Access Control in D-Link goahead Component Allows Remote Exploit
Publication date: 2026-03-16
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-823g_firmware | 1.0.2b05 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4193 is a security vulnerability in the D-Link DIR-823G router firmware version 1.0.2B05, specifically in the goahead web server component. It involves improper access control and incorrect privilege assignments that allow an unauthenticated attacker to access multiple sensitive management interfaces without any authentication.
These interfaces include functions such as GetDDNSSettings, GetDeviceDomainName, GetDeviceSettings, GetDMZSettings, GetFirewallSettings, GetGuestNetworkSettings, GetLanWanConflictInfo, GetLocalMacAddress, GetNetworkSettings, GetQoSSettings, GetRouterInformationSettings, GetRouterLanSettings, GetWanSettings, and several Set* functions that modify device and network configurations.
Exploitation of this vulnerability allows attackers to retrieve sensitive device and network configuration information and to modify critical router settings without authorization. The vulnerability is remotely exploitable without any authentication and affects devices that are no longer supported by the vendor.
How can this vulnerability impact me?
This vulnerability can have significant impacts on the confidentiality, integrity, and availability of your network and device.
- Unauthorized attackers can retrieve sensitive network and device configuration information, including internal network topology, WAN and LAN settings, firewall and DMZ configurations, guest network settings, wireless security parameters, and system status.
- Attackers can modify critical router settings such as firewall rules, network settings, wireless security configurations, access control lists, and other device parameters, potentially compromising device security and network integrity.
- The exposure and manipulation of these settings facilitate further malicious activities including unauthorized wireless access, lateral movement within the local network, traffic interception, and targeted exploitation of other vulnerable services.
Since the affected product is no longer supported, no vendor patches are available, increasing the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to multiple management interfaces on the D-Link DIR-823G router firmware 1.0.2B05, which can be detected by attempting to access these interfaces without authentication.
To detect the vulnerability on your network or system, you can try to query the affected interfaces remotely to see if they respond without requiring authentication. Interfaces include GetNetworkSettings, GetWanSettings, GetRouterLanSettings, GetFirewallSettings, GetDMZSettings, GetQoSSettings, GetDDNSSettings, SetDeviceSettings, SetRouterLanSettings, SetIPv4FirewallSettings, SetNetworkSettings, SetStaticClientInfo, SetStaticRouteSettings, SetAccessCtlList, SetAccessCtlSwitch, SetGuestWLanSettings, SetWPSSettings, UpdateClientInfo, and others.
Suggested commands involve sending HTTP requests to the router's management interface endpoints corresponding to these functions and checking if they return data or allow configuration changes without authentication.
- Use curl or similar tools to send GET or POST requests to URLs like http://<router-ip>/goahead/GetNetworkSettings or http://<router-ip>/goahead/SetDeviceSettings and observe if responses are returned without authentication.
- Example command: curl -v http://<router-ip>/goahead/GetNetworkSettings
- Example command: curl -X POST http://<router-ip>/goahead/SetDeviceSettings -d '<payload>' to test if settings can be modified without authentication.
If these requests succeed without authentication, the device is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
Since the affected D-Link DIR-823G router firmware 1.0.2B05 is no longer supported by the vendor and no patches are available, immediate mitigation steps focus on limiting exposure and reducing attack surface.
- Implement restrictive firewall rules to block external and unauthorized internal access to the router's management interfaces.
- Disable remote management features on the router if enabled, to prevent remote exploitation.
- Restrict access to the router's web management interface to trusted IP addresses only.
- Monitor network traffic for suspicious requests targeting the vulnerable interfaces.
- Consider replacing the affected device with a supported router model that receives security updates.
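One way to implement the monitoring step is to scan HTTP request records for the interface names listed on this page and flag any that come from a source outside the trusted admin addresses. This is an added example, not code from the advisory or the vendor. The key=value log format, the router address 192.168.0.1, the trusted admin host 192.168.0.10 and the sample records are assumptions constructed for illustration; the /goahead/ path prefix follows the example URLs above.

```python
import ipaddress
import re

# Interface names exactly as listed on this page for CVE-2026-4193.
READ_IFACES = set("""GetDDNSSettings GetDeviceDomainName GetDeviceSettings GetDMZSettings
GetFirewallSettings GetGuestNetworkSettings GetLanWanConflictInfo GetLocalMacAddress
GetNetworkSettings GetQoSSettings GetRouterInformationSettings GetRouterLanSettings
GetWanSettings""".split())
WRITE_IFACES = set("""SetDeviceSettings SetRouterLanSettings SetIPv4FirewallSettings
SetNetworkSettings SetStaticClientInfo SetStaticRouteSettings SetAccessCtlList
SetAccessCtlSwitch SetGuestWLanSettings SetWPSSettings UpdateClientInfo""".split())
FIELD = re.compile(r"(\w+)=(\S+)")  # key=value fields of the assumed log format

def scan(lines, router_ip, trusted_nets):
    """Return (src, interface, kind, status) for requests from untrusted sources."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        rec = dict(FIELD.findall(line))
        if rec.get("dst") != router_ip or "uri" not in rec or "src" not in rec:
            continue  # traffic to another host, or a malformed record
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            continue
        # Last path segment, ignoring any query string or trailing slash.
        iface = rec["uri"].split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
        if iface in WRITE_IFACES:
            kind = "modify"  # configuration change: highest priority to triage
        elif iface in READ_IFACES:
            kind = "read"    # configuration disclosure
        else:
            continue
        if any(src in net for net in trusted):
            continue  # expected administration traffic
        findings.append((rec["src"], iface, kind, rec.get("status", "?")))
    return findings

# Constructed sample records (not real traffic).
SAMPLE_LOG = [
    "ts=2026-03-20T10:15:02Z src=203.0.113.7 dst=192.168.0.1 method=GET uri=/goahead/GetNetworkSettings status=200",
    "ts=2026-03-20T10:15:04Z src=203.0.113.7 dst=192.168.0.1 method=POST uri=/goahead/SetDeviceSettings status=200",
    "ts=2026-03-20T10:16:00Z src=192.168.0.10 dst=192.168.0.1 method=GET uri=/goahead/GetWanSettings?x=1 status=200",
    "ts=2026-03-20T10:17:00Z src=192.168.0.55 dst=192.168.0.1 method=GET uri=/index.html status=200",
    "ts=2026-03-20T10:18:00Z src=192.168.0.55 dst=192.168.0.1 method=GET uri=/goahead/GetFirewallSettings/ status=200",
    "garbled line without fields",
]

print(scan(SAMPLE_LOG, "192.168.0.1", ["192.168.0.10/32"]))
```

A "modify" finding from an address outside the trusted list means the router's settings should be reviewed for unauthorized changes, in addition to blocking the source.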