Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-2129 — AI Deep Analysis Summary

CVSS 7.2 · High

Q1What is this vulnerability? (Essence + Consequences)

**🚨 OS Command Injection in D-Link DIR-823X** - Vulnerable endpoint: `/goform/set_ac_status` - **Consequence**: Remote attackers can execute arbitrary OS commands via crafted parameters. - **Impact**: Full system comprom…

Q2Root Cause? (CWE/Flaw)

**🔍 Root Cause: CWE-77 - Improper Neutralization of Special Elements** - Parameters `ac_ipaddr`, `ac_ipstatus`, `ap_randtime` are not sanitized. - Malicious input injected into system calls → command execution. - **Flaw*…

Q3Who is affected? (Versions/Components)

**⚠️ Affected Devices** - **Model**: D-Link DIR-823X - **Firmware**: 250416 (specific version) - **Component**: `/goform/set_ac_status` endpoint - **No other versions listed** 📦

Q4What can hackers do? (Privileges/Data)

**🔓 Hacker Capabilities** - **Remote execution** without user interaction. - Can access files, steal data, install malware. - **Full control** over device (C:H/I:H/A:H) 💣

Q5Is exploitation threshold high? (Auth/Config)

**🔐 Exploitation Threshold: High Privilege Required?** - **CVSS: PR:H** → High privilege needed. - **But**: Remote attack possible (AV:N) 🌐 - **No authentication bypass mentioned** 🚫

Q6Is there a public Exp? (PoC/Wild Exploitation)

**📌 Public Exploit?** - **Yes!** PoC referenced in GitHub issue #23 (exploit|issue-tracking) - **Exploitation in wild?** Possibly — advisory mentions "may be exploited" 🕵️‍♂️

Q7How to self-check? (Features/Scanning)

**🔍 Self-Check Methods** - Scan for `set_ac_status` endpoint on DIR-823X devices. - Check firmware version: **250416**. - Use tools like `nmap`, `curl` to probe `/goform/set_ac_status` 📊

Q8Is it fixed officially? (Patch/Mitigation)

**🛠️ Official Fix?** - **No patch mentioned** in provided data. - D-Link product link included, but no advisory or firmware update referenced. 🚫

Q9What if no patch? (Workaround)

**🛡️ Workarounds (No Patch)** - **Disable remote access** to `/goform/set_ac_status`. - **Firewall rules**: Block external access to device’s admin port. - **Network segmentation**: Isolate router from internal network.…

Q10Is it urgent? (Priority Suggestion)

**❗ Urgency: HIGH** - **CVSS: 9.1/10** (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) - Public exploit exists. - **Critical for exposed devices** — patch ASAP or isolate. ⚠️