Details of VAR-202509-3852

ID

VAR-202509-3852

CVE

CVE-2025-11097

TITLE

D-Link Corporation of DIR-823X Injection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015465

DESCRIPTION

A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. D-Link Corporation of DIR-823X The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. This vulnerability could allow an attacker to remotely inject commands

Trust: 2.16

sources: NVD: CVE-2025-11097 // JVNDB: JVNDB-2025-015465 // CNVD: CNVD-2025-23370

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-23370

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-823x	scope:	eq	version:	250416	Trust: 1.0
vendor:	d link	model:	dir-823x	scope:	eq	version:	dir-823x firmware 250416	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-823x	scope:	eq	version:	250416	Trust: 0.6

sources: CNVD: CNVD-2025-23370 // JVNDB: JVNDB-2025-015465 // NVD: CVE-2025-11097

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-11097
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2025-11097
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-015465
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-23370
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-11097
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-015465
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-23370
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-11097
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-11097
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-015465
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-23370 // JVNDB: JVNDB-2025-015465 // NVD: CVE-2025-11097 // NVD: CVE-2025-11097

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015465 // NVD: CVE-2025-11097

EXTERNAL IDS

db:	NVD	id:	CVE-2025-11097	Trust: 3.2
db:	VULDB	id:	326178	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-015465	Trust: 0.8
db:	CNVD	id:	CNVD-2025-23370	Trust: 0.6

sources: CNVD: CNVD-2025-23370 // JVNDB: JVNDB-2025-015465 // NVD: CVE-2025-11097

REFERENCES

url:	https://github.com/n1ptune/dink/blob/main/set_device_name.md	Trust: 1.8
url:	https://vuldb.com/?id.326178	Trust: 1.8
url:	https://vuldb.com/?submit.661913	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-11097	Trust: 1.4
url:	https://vuldb.com/?ctiid.326178	Trust: 1.0

sources: CNVD: CNVD-2025-23370 // JVNDB: JVNDB-2025-015465 // NVD: CVE-2025-11097

SOURCES

db:	CNVD	id:	CNVD-2025-23370
db:	JVNDB	id:	JVNDB-2025-015465
db:	NVD	id:	CVE-2025-11097

LAST UPDATE DATE

2025-10-12T23:29:05.219000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-23370	date:	2025-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2025-015465	date:	2025-10-09T05:25:00
db:	NVD	id:	CVE-2025-11097	date:	2025-10-02T18:58:00.877

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-23370	date:	2025-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2025-015465	date:	2025-10-09T00:00:00
db:	NVD	id:	CVE-2025-11097	date:	2025-09-28T05:15:31.593