D-Link DIR-823X set_mac_clone os command injection

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Problem type

Affected products

D-Link

DIR-823X

250416 - AFFECTED

References

VDB-344649 | D-Link DIR-823X set_mac_clone os command injection

https://vuldb.com/?id.344649

vdb-entrytechnical-description

VDB-344649 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344649

signaturepermissions-required

Submit #745854 | dlink DIR-823X 250416 OS Command Injection

https://vuldb.com/?submit.745854

third-party-advisory

github.com

https://github.com/master-abc/cve/issues/21

issue-tracking

github.com

https://github.com/master-abc/cve/issues/21#issue-3847172823

exploitissue-tracking

dlink.com

https://www.dlink.com/

product

GitHub Security Advisories

GHSA-34vf-m4pq-7jqj

A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown...

https://github.com/advisories/GHSA-34vf-m4pq-7jqj

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2082

github.com

https://github.com/master-abc/cve/issues/21

github.com

https://github.com/master-abc/cve/issues/21#issue-3847172823

vuldb.com

https://vuldb.com/?ctiid.344649

vuldb.com

https://vuldb.com/?id.344649

vuldb.com

https://vuldb.com/?submit.745854

dlink.com

https://www.dlink.com

github.com

https://github.com/advisories/GHSA-34vf-m4pq-7jqj

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2082

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2082",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T10:02:07.908Z",
    "dateReserved": "2026-02-06T08:07:43.709Z",
    "datePublished": "2026-02-07T10:02:07.908Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T10:02:07.908Z"
      },
      "title": "D-Link DIR-823X set_mac_clone os command injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used."
        }
      ],
      "affected": [
        {
          "vendor": "D-Link",
          "product": "DIR-823X",
          "versions": [
            {
              "version": "250416",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "OS Command Injection",
              "cweId": "CWE-78",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Command Injection",
              "cweId": "CWE-77",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344649",
          "name": "VDB-344649 | D-Link DIR-823X set_mac_clone os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344649",
          "name": "VDB-344649 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745854",
          "name": "Submit #745854 | dlink DIR-823X 250416 OS Command Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/master-abc/cve/issues/21",
          "tags": [
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/master-abc/cve/issues/21#issue-3847172823",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.dlink.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 5.8
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T09:12:49.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jiefengliang (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}