Cyber Resilience

CVE-2023-51984

Critical · Public PoC · RCE

Published: 11 January 2024
Modified: 16 June 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1408 (94.5th percentile)
Risk Priority: 28 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-51984 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-822 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

D-Link DIR-822+ firmware version 1.0.2 contains an OS command injection vulnerability (CWE-78) in the SetStaticRouteSettings function. The flaw carries a CVSS 3.1 score of 9.8 and permits unauthenticated remote attackers to supply crafted input that is passed directly to a system shell.

An attacker with network access can invoke the affected function to execute arbitrary operating-system commands on the device, resulting in full compromise of confidentiality, integrity, and availability without any user interaction or credentials.

Public disclosure of the issue appears in GitHub repositories that include technical details and proof-of-concept material; no vendor advisory or firmware patch information is referenced in the available sources. The associated EPSS score has remained at 0.1408 with no material increase observed since publication.

EU & UK References

Vulnerability details

D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004: Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Command injection in a web function enables exploitation of a public-facing application (T1190), leading to remote execution of arbitrary Unix shell commands (T1059.004).

Affected Assets

Vendor: dlink
Product: dir-822 firmware
Version: 1.0.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References