CVE-2026-2120 | D-Link DIR-823X 250416 Configuration Parameter set_server_settings terminal_addr/server_ip/server_port os command injection

Inserito da Angelo Barbosa | Feb 6, 2026 | CVE

A vulnerability classified as critical has been found in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection.

This vulnerability is listed as CVE-2026-2120. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-2120 | D-Link DIR-823X 250416 Configuration Parameter set_server_settings terminal_addr/server_ip/server_port os command injection

Post correlati

CVE-2025-3794 | WPForms Plugin up to 1.9.5 on WordPress start_timestamp cross site scripting

CVE-2024-2196 | aimhubio aim cross-site request forgery

CVE-2025-5492 | D-Link DI-500WF-WT up to 20250511 /usr/sbin/jhttpd /msp_info.htm?flag=cmd sub_456DE8 command injection

CVE-2024-24160 | MRCMS 3.0 saveinfo.do cross site scripting