CVE 8.6 HIGH

D-Link DIR-823X set_qos sub_420688 os command injection_CVE-2026-2142

February 8, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

AI Analysis

OS command injection vulnerability in D-Link DIR-823X 250416 via the set_qos function

Basic Information

ID CVE-2026-2142

Source VulDB

Published Feb 8, 2026 at 08:02

Affected Product

Vendor D-Link

Product DIR-823X

Version 250416

Affected Versions D-Link DIR-823X 250416

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor D-Link

Product DIR-823X

Version 250416

References

{
    "lastseen": "",
    "description": "A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-02-08T08:02:08.474Z",
    "modified": "2026-02-08T08:02:08.474Z",
    "type": "cve",
    "title": "D-Link DIR-823X set_qos sub_420688 os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344777\nhttps://vuldb.com/?ctiid.344777\nhttps://vuldb.com/?submit.747428\nhttps://github.com/master-abc/cve/issues/29\nhttps://www.dlink.com/",
    "id": "CVE-2026-2142",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-823X 250416",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-823X",
    "version": "250416",
    "vendor": "D-Link",
    "ai_description": "OS command injection vulnerability in D-Link DIR-823X 250416 via the set_qos function",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-823X",
    "ai_version": "250416",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply