CVE-2023-25280 — D-Link DIR-820 Router OS Command Injection Vulnerability
2024-09-30 • CISA Known Exploited Vulnerability
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | D-Link |
| Product | DIR-820 Router |
| CWE | CWE-78 |
| CVE ID | CVE-2023-25280 |
| Date Added | 2024-09-30 |
| Due Date | 2024-10-21 |
| Ransomware Campaign | Unknown |
> MITIGATION
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.