D-Link DIR-820 Router OS Command Injection Vulnerability (CVE-2023-25280)
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2024-10-21 under CISA BOD 22-01.
This is a OS Command Injection (CWE-78) vulnerability in D-Link DIR-820 Router. OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Active exploitation documented in the wild. Threat-research write-up: https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.