CVE-2025-10634 | D-Link DIR-823X 240126/240802/250416 Environment Variable /usr/sbin/goahead sub_412E7C terminal_addr/server_ip/server_port command injection

Inserito da Angelo Barbosa | Set 17, 2025 | CVE

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection.

This vulnerability is handled as CVE-2025-10634. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2025-10634 | D-Link DIR-823X 240126/240802/250416 Environment Variable /usr/sbin/goahead sub_412E7C terminal_addr/server_ip/server_port command injection

Post correlati

CVE-2024-32030 | provectus kafka-ui up to 0.7.1 deserialization (GHSL-2023-229)

CVE-2024-30465 | PageLayer Plugin up to 1.8.1 on WordPress authorization

CVE-2023-45924 | Freedesktop OpenGL libglvnd bb06db5a glXGetDrawableScreen null pointer dereference

CVE-2024-2042 | ElementsKit Elementor Addons Plugin up to 3.0.5 on WordPress Image Accordion Widget cross site scripting