CVE-2025-14208 MEDIUM

CVE-2025-14208: D-Link DIR-823X set_wan_settings sub_415028 command injection

Vendor D-Link
Product DIR-823X
Weakness CWE-77
Published December 8, 2025
Last update December 8, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Key dates

02Disclosure timeline

December 8, 2025 CVE published
December 8, 2025 Record updated