Key Vulnerability Information

Title: D-Link DIR-823X 250416 OS Command Injection

Description:
- The D-Link DIR-823X router is susceptible to a Remote Command Injection vulnerability via the /goform/set_dmz endpoint.
- The backend function sub_4208A0 fails to adequately filter the newline character (\n or 0x0A) when handling user-submitted dmz_host or dmz_enable parameters.
- An authenticated attacker can leverage this to truncate the original UCI configuration command and execute arbitrary shell commands with root privileges.

Source:
- https://github.com/master-abc/cve/issues/33

User:
- 942384053 (UID 94603)

Submission Date:
- February 21, 2026 04:29 PM (7 days ago)

Moderation Date:
- February 07, 2026 06:39 PM (6 days later)

Status: Duplicate

VulDB Entry:
- ID: 234857
- Title: [D-Link DIR-823X 250416 Configuration /goform/set_dmz sub_4208A0 dmz_host/dmz_enable os command injection]

Points: 0
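The description attributes the flaw to dmz_host and dmz_enable reaching a UCI command without the newline (0x0A) being filtered. The following is an added example, not code from the firmware or from the original report, showing allow-list validation that a handler could apply before building any command. The function names are hypothetical, and it assumes dmz_host is a dotted-quad IPv4 address and dmz_enable is "0" or "1".

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper. Assumption: dmz_host carries a dotted-quad IPv4
 * address. Only digits and dots are accepted, so 0x0A, ';', '`', '$'
 * and spaces can never reach a command line. */
int dmz_host_is_valid(const char *s)
{
    struct in_addr addr;
    size_t len;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len < 7 || len > 15)              /* "0.0.0.0" to "255.255.255.255" */
        return 0;
    if (strspn(s, "0123456789.") != len)  /* allow-list, not a deny-list */
        return 0;
    return inet_pton(AF_INET, s, &addr) == 1;  /* four octets, each <= 255 */
}

/* Hypothetical helper. Assumption: dmz_enable is exactly "0" or "1". */
int dmz_enable_is_valid(const char *s)
{
    return s != NULL && (strcmp(s, "0") == 0 || strcmp(s, "1") == 0);
}

/* Gate both parameters before any configuration command is built. */
int dmz_request_is_valid(const char *host, const char *enable)
{
    return dmz_enable_is_valid(enable) && dmz_host_is_valid(host);
}

int main(void)
{
    /* Constructed sample inputs, not taken from the report. */
    const char *hosts[] = { "192.168.0.10", "192.168.0.10\n", "192.168.0" };
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("host %zu valid: %d\n", i, dmz_host_is_valid(hosts[i]));
    printf("enable \"1\\n\" valid: %d\n", dmz_enable_is_valid("1\n"));
    return 0;
}
```

Validation of this kind is a first gate only; passing the values to the configuration layer as separate arguments rather than through a shell string removes the injection path entirely.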