CVE-2023-25280
D-Link DIR-820 Router OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
98.1%
p100
KEV
YES
Sep 30, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
D-Link / DIR-820 Router
Vulnerability
D-Link DIR-820 Router OS Command Injection Vulnerability
Added to KEV
Sep 30, 2024
Remediate by
Oct 21, 2024
Known ransomware use
No
Summary description
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Required action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358 ; https://nvd.nist.gov/vuln/detail/CVE-2023-25280
No related CVEs by CWE or product.