7.5

CVE-2026-4193

Exploit

D-Link DIR-823G goahead UpdateClientInfo access control

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DlinkDir-823g Firmware Version1.0.2b05
   DlinkDir-823g Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.77% 0.508
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 5.5 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.dlink.com/
Product
https://vuldb.com/?id.351105
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.351105
VDB Entry
Permissions Required
https://vuldb.com/?submit.769835
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.769836
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.769837
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.769838
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.769839
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.769841
Third Party Advisory
VDB Entry
https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_91/91.md
Third Party Advisory
Exploit
https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_92/92.md
Third Party Advisory
Exploit