CVE-2023-25280: D-Link DIR-820 Router OS Command Injection Vulnerability.
D-Link DIR-820 Router OS Command Injection Vulnerability. D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
- CISA KEV-listed (remediation due 2024-10-21)
- EPSS 93.1% (99.8% percentile)