This page lists publicly disclosed CVE vulnerabilities affecting dlink dir-823g_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-11492 | A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | [email protected] | 2.1 | 0.51% | 2026-06-08 | 2026-06-17 |
| CVE-2026-4193 | A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomography | [email protected] | 5.5 | 0.77% | 2026-03-16 | 2026-06-17 |
| CVE-2025-60675 | A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device. | [email protected] | 5.4 | 1.34% | 2025-11-13 | 2026-06-17 |
| CVE-2025-60671 | A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device. | [email protected] | 5.4 | 1.30% | 2025-11-13 | 2026-06-17 |
| CVE-2025-60332 | A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | [email protected] | 7.5 | 4.62% | 2025-10-22 | 2026-06-17 |
| CVE-2025-60331 | D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 7.5 | 0.57% | 2025-10-22 | 2026-06-17 |
| CVE-2025-2360 | A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | [email protected] | 6.9 | 3.77% | 2025-03-17 | 2026-06-17 |
| CVE-2025-2359 | A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | [email protected] | 6.9 | 14.01% | 2025-03-17 | 2026-06-17 |
| CVE-2024-13030 | A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 1.89% | 2024-12-29 | 2026-06-17 |
| CVE-2024-51024 | D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | [email protected] | 8.0 | 1.38% | 2024-11-05 | 2026-06-17 |
| CVE-2024-51023 | D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | [email protected] | 8.8 | 1.42% | 2024-11-05 | 2026-06-17 |
| CVE-2024-44408 | D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. | [email protected] | 7.5 | 0.63% | 2024-09-06 | 2026-06-17 |
| CVE-2024-33345 | D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 6.5 | 0.78% | 2024-04-29 | 2026-06-17 |
| CVE-2024-27662 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 6.5 | 0.43% | 2024-02-29 | 2026-06-17 |
| CVE-2024-27661 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 6.5 | 0.43% | 2024-02-29 | 2026-06-17 |
| CVE-2024-27660 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 6.5 | 0.64% | 2024-02-29 | 2026-06-17 |
| CVE-2024-27659 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 6.5 | 0.64% | 2024-02-29 | 2026-06-17 |
| CVE-2024-27658 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 6.5 | 0.64% | 2024-02-29 | 2026-06-17 |
| CVE-2024-27657 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | [email protected] | 8.8 | 1.21% | 2024-02-29 | 2026-06-17 |
| CVE-2024-27656 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | [email protected] | 8.8 | 0.62% | 2024-02-29 | 2026-06-17 |