CVE-2026-2155 – D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection

CVE ID : CVE-2026-2155

Published : Feb. 8, 2026, 2:16 p.m. | 1 hour, 3 minutes ago

Description : A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…