CVE-2026-2129 — 神龙十问 AI 深度分析摘要

**🚨 OS Command Injection in D-Link DIR-823X** - Vulnerable endpoint: `/goform/set_ac_status` - **Consequence**: Remote attackers can execute arbitrary OS commands via crafted parameters. - **Impact**: Full system comprom…

**🔍 Root Cause: CWE-77 - Improper Neutralization of Special Elements** - Parameters `ac_ipaddr`, `ac_ipstatus`, `ap_randtime` are not sanitized. - Malicious input injected into system calls → command execution. - **Flaw*…

**⚠️ Affected Devices** - **Model**: D-Link DIR-823X - **Firmware**: 250416 (specific version) - **Component**: `/goform/set_ac_status` endpoint - **No other versions listed** 📦

**🔓 Hacker Capabilities** - **Remote execution** without user interaction. - Can access files, steal data, install malware. - **Full control** over device (C:H/I:H/A:H) 💣

**🔐 Exploitation Threshold: High Privilege Required?** - **CVSS: PR:H** → High privilege needed. - **But**: Remote attack possible (AV:N) 🌐 - **No authentication bypass mentioned** 🚫

**📌 Public Exploit?** - **Yes!** PoC referenced in GitHub issue #23 (exploit|issue-tracking) - **Exploitation in wild?** Possibly — advisory mentions "may be exploited" 🕵️‍♂️

**🔍 Self-Check Methods** - Scan for `set_ac_status` endpoint on DIR-823X devices. - Check firmware version: **250416**. - Use tools like `nmap`, `curl` to probe `/goform/set_ac_status` 📊

**🛠️ Official Fix?** - **No patch mentioned** in provided data. - D-Link product link included, but no advisory or firmware update referenced. 🚫

**🛡️ Workarounds (No Patch)** - **Disable remote access** to `/goform/set_ac_status`. - **Firewall rules**: Block external access to device’s admin port. - **Network segmentation**: Isolate router from internal network.…

**❗ Urgency: HIGH** - **CVSS: 9.1/10** (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) - Public exploit exists. - **Critical for exposed devices** — patch ASAP or isolate. ⚠️