Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Oct 21, 2024

High
CISA KEV

CVE-2023-25280

D-LinkDIR-820 Router

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

Required Action

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358 ; https://nvd.nist.gov/vuln/detail/CVE-2023-25280

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Unknown
Published
Sep 30, 2024
KEV Added
Sep 30, 2024
Due Date
Oct 21, 2024
Related Articles
0

Vendor

D-Link

DIR-820 Router