{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2082", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-06T08:07:43.709Z", "datePublished": "2026-02-07T10:02:07.908Z", "dateUpdated": "2026-02-23T09:31:16.516Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:31:16.516Z"}, "title": "D-Link DIR-823X set_mac_clone os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "D-Link", "product": "DIR-823X", "versions": [{"version": "250416", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-06T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-10T17:21:08.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "jiefengliang (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344649", "name": "VDB-344649 | D-Link DIR-823X set_mac_clone os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344649", "name": "VDB-344649 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.745854", "name": "Submit #745854 | dlink DIR-823X 250416 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/master-abc/cve/issues/21", "tags": ["issue-tracking"]}, {"url": "https://github.com/master-abc/cve/issues/21#issue-3847172823", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T15:41:34.744096Z", "id": "CVE-2026-2082", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:42:03.756Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2082", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T15:41:34.744096Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:41:52.034Z"}}], "cna": {"title": "D-Link DIR-823X set_mac_clone os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "jiefengliang (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "product": "DIR-823X", "versions": [{"status": "affected", "version": "250416"}]}], "timeline": [{"lang": "en", "time": "2026-02-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-06T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-10T17:21:08.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344649", "name": "VDB-344649 | D-Link DIR-823X set_mac_clone os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344649", "name": "VDB-344649 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.745854", "name": "Submit #745854 | dlink DIR-823X 250416 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/master-abc/cve/issues/21", "tags": ["issue-tracking"]}, {"url": "https://github.com/master-abc/cve/issues/21#issue-3847172823", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:31:16.516Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2082", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:31:16.516Z", "dateReserved": "2026-02-06T08:07:43.709Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-07T10:02:07.908Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-823x_firmware:250416:*:*:*:*:*:*:*", "matchCriteriaId": "5D7C64E7-D64D-43DE-8A82-196E66F91F3F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-823x:-:*:*:*:*:*:*:*", "matchCriteriaId": "09CE2627-49F3-4B6F-B48B-F52665C6B8C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en D-Link DIR-823X 250416. El elemento afectado es una funci\u00f3n desconocida del archivo /goform/set_mac_clone. Dicha manipulaci\u00f3n del argumento mac conduce a inyecci\u00f3n de comandos. El ataque puede ser realizado de forma remota. El exploit est\u00e1 disponible p\u00fablicamente y podr\u00eda ser utilizado."}], "id": "CVE-2026-2082", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-07T10:15:52.373", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/master-abc/cve/issues/21"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/master-abc/cve/issues/21#issue-3847172823"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344649"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344649"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.745854"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:13:03.386986+00:00", "value": {"mitigation_remediation": ["Update to the latest firmware that fixes the set_mac_clone command injection flaw.", "Disable MAC cloning feature or remove access to /goform/set_mac_clone by adjusting router settings.", "Restrict exposure of the router to the internet by applying network segmentation and firewall rules to block HTTP access from untrusted networks.", "As an interim workaround, block the /goform/set_mac_clone endpoint using the router\u2019s firewall or local network firewall."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected are D-Link DIR-823X routers running firmware 250416. The flaw lies in the set_mac_clone endpoint and is specific to this firmware version. No other D-Link models or firmware versions are known to be impacted at this time.", "description_and_impact": "The vulnerability resides in the set_mac_clone function of the DIR-823X firmware 250416. By sending a crafted mac argument to /goform/set_mac_clone, an attacker can inject arbitrary OS commands, resulting in remote code execution on the device.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity. EPSS <1% suggests a low probability of exploitation in the general population. However the exploit is publicly available, so targeted attacks are possible. The vulnerability is accessed via remote HTTP requests, implying the network accessible device is the attack vector. Since the flaw allows arbitrary command execution, the potential impact is full compromise of the router, including network traffic interception, traffic manipulation, and lateral movement into the local network."}}}}, "created": "2026-02-09T10:44:40.309285+00:00", "updated": "2026-04-17T22:15:29.457465+00:00", "vendors": ["d-link", "d-link$PRODUCT$dir-823x"]}