Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Published

2026-02-07T12:15:55.717

Last Modified

2026-02-10T14:57:30.947

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: MULTIPLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-823x_firmware	250416	Yes
Hardware	dlink	dir-823x	-	No

References

https://github.com/master-abc/cve/issues/24 Exploit, Issue Tracking ([email protected])
https://vuldb.com/?ctiid.344651 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.344651 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.746379 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.746380 Third Party Advisory, VDB Entry ([email protected])
https://www.dlink.com/ Product ([email protected])