CVE-2026-2120 PUBLISHED

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

• 942384053 (VulDB User) reporter

• VDB-344694 | D-Link DIR-823X Configuration Parameter set_server_settings os command injection
• VDB-344694 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #746916 | D-Link DIR-823X 250416 OS Command Injection
• https://github.com/master-abc/cve/issues/26
• https://www.dlink.com/

• OS Command Injection CWE
• Command Injection CWE