CVE-2026-2082
Published: 07 February 2026
Summary
CVE-2026-2082 is a medium-severity Command Injection (CWE-77) vulnerability in Dlink Dir-823X Firmware. Its CVSS base score is 4.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in the authenticated web interface of a public-facing router directly enables remote exploitation (T1190) and arbitrary command execution via the network device CLI (T1059.008).
NVD Description
A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is…
more
publicly available and might be used.
Deeper analysisAI
CVE-2026-2082 is an OS command injection vulnerability (CWE-77, CWE-78) affecting the D-Link DIR-823X router on firmware version 250416. The flaw resides in an unknown function within the /goform/set_mac_clone file, where manipulation of the "mac" argument enables arbitrary OS command execution. Published on 2026-02-07, it carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
The vulnerability is remotely exploitable with low attack complexity but requires high privileges, such as authenticated administrative access to the device. An attacker with these privileges can inject and execute OS commands, resulting in low impacts to confidentiality, integrity, and availability, such as limited data exposure, modification, or denial of service on the targeted router.
Advisories and details are available via references including GitHub issues at https://github.com/master-abc/cve/issues/21 and https://github.com/master-abc/cve/issues/21#issue-3847172823, as well as VulDB entries at https://vuldb.com/?ctiid.344649, https://vuldb.com/?id.344649, and https://vuldb.com/?submit.745854. No specific patch or mitigation steps are detailed in the CVE description.
The exploit is publicly available and might be used in targeted attacks against vulnerable D-Link DIR-823X devices.
Details
- CWE(s)