Publicly Disclosed Exploits Put D-Link DIR-823 Users in Danger

D-Link has issued a security advisory concerning multiple vulnerabilities affecting the DIR-823 wireless router, revision A1, running firmware version 1.20B07. These vulnerabilities include stack-based buffer overflows and a command injection flaw, which could allow attackers to take control of affected devices.

The advisory notes that the DIR-823 Rev. A1 reached its end-of-life (EOL) and end-of-service (EOS) on March 31, 2024. This means the device no longer receives security updates or support from D-Link. As stated in the advisory, “Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link US (D-Link Systems, Inc.).”

The DIR-823 (Rev. A1) running firmware FW1.20B07 has been found to contain several stack-based buffer overflow vulnerabilities and a command injection flaw, which could allow attackers to take control of the device, execute arbitrary code, or cause system crashes. These vulnerabilities have been disclosed publicly, increasing the risk of real-world exploitation.

The disclosed vulnerabilities include:

CVE-2025-25740 to CVE-2025-25742, and CVE-2025-25745 to CVE-2025-25746: Stack-based buffer overflows that could be triggered via various parameters in different modules.

CVE-2025-25743: A command injection vulnerability in the SetVirtualServerSettings module.

CVE-2025-25744: A stack-based buffer overflow vulnerability in the SetDynamicDNSSettings module.

D-Link recommends that users of the affected router “be retired and replaced.” Since no security updates will be provided, replacing the router is the only way to mitigate these vulnerabilities.

Rate this post

Leave a Reply Cancel reply

Website

Related Posts:

Leave a Reply Cancel reply