CVE-2026-1125

High PUBLISHED

D-Link DIR-823X set_wifidog_settings sub_412E7C command injection

D-Link · DIR-823X

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
6.9 Medium EPSS 14.4%

At a Glance

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

CVE Published
Jan 18, 2026
Exploitation Reported
Jul 02, 2026
CVSS
6.9 Medium
EPSS
14.4%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
D-Link
DIR-823X

250416

Affected

CVE References

Show 1 more reference

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.