Threat Intelligence / CVE / CVE-2026-2143

CVE-2026-2143

CVSS 7.2 (HIGH) · EPSS 0.1% · Published 2026-02-08

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77, CWE-78

Threats tracking this CVE

CVE-2025-29635 — Mirai Variant Campaign Recruiting D-Link DIR-823X Routers via /goform/set_prohibiting Command Injection — HIGH

References

https://github.com/master-abc/cve/issues/25
https://vuldb.com/?ctiid.344778
https://vuldb.com/?id.344778
https://vuldb.com/?submit.747492
https://www.dlink.com/

Full detection coverage & IOCs for threats exploiting CVE-2026-2143 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence