CVE-2025-10401 MEDIUM

CVE-2025-10401: D-Link DIR-823x diag_ping command injection

Vendor D-Link
Product DIR-823x
Weakness CWE-77
Published September 14, 2025
Last update September 15, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Key dates

02Disclosure timeline

September 14, 2025 CVE published
September 15, 2025 Record updated