CVE-2026-1544

MediumPublic PoC

Published: 28 January 2026

Published

28 January 2026

Modified

09 February 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0003 9.8th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1544 is a medium-severity Command Injection (CWE-77) vulnerability in Dlink Dir-823X Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

OS command injection in public-facing router web interface (/goform/set_mode) directly enables remote exploitation of the device (T1190) and arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely.…

The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysisAI

CVE-2026-1544 is an OS command injection vulnerability (CWE-77, CWE-78) in the D-Link DIR-823X router running firmware version 250416. The flaw affects the sub_41E2A0 function in the /goform/set_mode file, where manipulation of the lan_gateway argument enables arbitrary OS command execution. Published on 2026-01-28, it carries a CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability is exploitable remotely by attackers possessing low privileges, requiring no user interaction. Successful exploitation grants limited access to execute OS commands, potentially compromising confidentiality, integrity, and availability to a low degree. A public exploit has been released, increasing the risk of attacks against vulnerable devices.

This issue impacts only products no longer supported by the maintainer, with no patches available. Advisories from VulDB detail the vulnerability and submission, a GitHub issue provides further analysis, and the D-Link website is referenced, though no specific mitigation steps are outlined beyond device replacement or network isolation.

Details

CWE(s): CWE-77 CWE-78

Affected Products

dlink

dir-823x firmware

250416

CVEs Like This One

CVE-2026-2175Same product: Dlink Dir-823X

CVE-2026-2210Same product: Dlink Dir-823X

CVE-2026-2081Same product: Dlink Dir-823X

CVE-2026-2157Same product: Dlink Dir-823X

CVE-2026-2143Same product: Dlink Dir-823X

CVE-2026-2084Same product: Dlink Dir-823X

CVE-2026-2063Same product: Dlink Dir-823X

CVE-2026-2142Same product: Dlink Dir-823X

CVE-2026-2082Same product: Dlink Dir-823X

CVE-2026-2129Same product: Dlink Dir-823X

References

https://github.com/master-abc/cve/issues/16
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.343228
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.343228
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.739155
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com
https://github.com/master-abc/cve/issues/16
Exploit, Issue Tracking, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0