CVE-2023-27216

HIGH

D-Link DSL-3782 1.03 - Authenticated Root Code Execution via Network Settings

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-27216. PoCs published by HoangREALER, FzBacon.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-27216, including firmware extraction, emulation, and debugging steps for the D-Link DSL-3782 router. It includes root cause analysis, patch diffs, and technical walkthroughs but does not contain functional exploit code.

Description

An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.

Exploits (2)

nomisec WRITEUP 3 stars

by HoangREALER · poc

https://github.com/HoangREALER/CVE-2023-27216

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2023-27216, including firmware extraction, emulation, and debugging steps for the D-Link DSL-3782 router. It includes root cause analysis, patch diffs, and technical walkthroughs but does not contain functional exploit code.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: D-Link DSL-3782 v.1.03

Auth required

Prerequisites: Access to D-Link DSL-3782 firmware · Firmware emulation environment (QEMU/FAT) · Debugging tools (gdbserver)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WRITEUP 2 stars

by FzBacon · poc

https://github.com/FzBacon/CVE-2023-27216_D-Link_DSL-3782_Router_command_injection

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2023-27216, a command injection vulnerability in D-Link DSL-3782 routers. It includes root cause analysis, affected parameters, and exploitation steps, demonstrating how insufficient input sanitization allows authenticated users to execute arbitrary commands via multiple configuration fields.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: D-Link DSL-3782 (DSL-3782_REVA_FIRMWARE_PATCH_v1.03 and below)

Auth required

Prerequisites: Authenticated access to the router's web interface · Firmware version DSL-3782_REVA_FIRMWARE_PATCH_v1.03 or below

MITRE ATT&CK

T1202 - Indirect Command Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Broken Link

http://d-link.com

Third Party Advisory

https://lessonsec.com/cve/cve-2023-27216/

Product

https://www.dlink.com/en/security-bulletin/

Scores

CVSS v3 8.8

EPSS 0.0449

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

dlink/dsl-3782_firmware 1.03

Published Apr 12, 2023

Tracked Since Feb 18, 2026