CRITICAL🇵🇱 Wersja polska

CVE-2024-39962

CVSS 9.8v3.1pub. 2024-07-19upd. 2025-07-09

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.

🤖 AI Analysis
How it works

The vulnerability exists in the ntp_zone_val parameter handled by the /goform/set_ntp endpoint. The attacker sends a crafted HTTP request containing a malicious payload in this parameter, which leads to execution of arbitrary code on the device. The vulnerability is classified as CWE-94 (Improper Control of Code Generation) and indicates a lack of proper validation and sanitization of input data before processing.

Impact

An unauthorized attacker can remotely, without any authentication, execute arbitrary code on the device with the privilege level of the process handling the request — which in practice means complete takeover of the router, ability to modify network configuration, and potential use of the device as an entry point to the local network.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until updates are applied, it is recommended to restrict access to the router's administrative panel only to trusted hosts and disable remote management of the device from the WAN network side.

Who is affected

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router with firmware version v21_D240126

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 823x

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 823x Firmware

    OS
    Dlink
    240126
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-29043CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-823X – command injection umożliwiający zdalne wykonanie kodu

CVE-2025-29040CRITICAL9.8PL ✓ten sam produkt

Command Injection w D-Link DIR-823X — zdalne wykonanie kodu przez parametr target_addr

CVE-2025-29042CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-823X: Command Injection przez parametr macaddr (RCE)

CVE-2025-29041CRITICAL9.8PL ✓ten sam produkt

Command injection w D-Link DIR-823X umożliwiający zdalne wykonanie kodu

CVE-2025-29635HIGH7.2⚠ KEVten sam produkt

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execut...