CVE 8.6 HIGH

D-Link DIR-823X set_language os command injection_CVE-2026-2084

February 7, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

AI Analysis

OS command injection vulnerability in D-Link DIR-823X 250416 via the set_language function

Basic Information

ID CVE-2026-2084

Source VulDB

Published Feb 7, 2026 at 11:32

Affected Product

Vendor D-Link

Product DIR-823X

Version 250416

Affected Versions D-Link DIR-823X 250416

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor D-Link

Product DIR-823X

Version 250416

References

{
    "lastseen": "",
    "description": "A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-02-07T11:32:09.250Z",
    "modified": "2026-02-07T11:32:09.250Z",
    "type": "cve",
    "title": "D-Link DIR-823X set_language os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344651\nhttps://vuldb.com/?ctiid.344651\nhttps://vuldb.com/?submit.746379\nhttps://vuldb.com/?submit.746380\nhttps://github.com/master-abc/cve/issues/24\nhttps://www.dlink.com/",
    "id": "CVE-2026-2084",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-823X 250416",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-823X",
    "version": "250416",
    "vendor": "D-Link",
    "ai_description": "OS command injection vulnerability in D-Link DIR-823X 250416 via the set_language function",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-823X",
    "ai_version": "250416",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply