CVE-2023-33781

HIGH

D-Link DIR-842V2 <1.0.3 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33781. PoCs published by s0tr.

AI-analyzed exploit summary This PoC exploits CVE-2023-33781 in D-Link DIR-842V2 v1.0.3 by modifying the backup/restore functionality to enable unauthenticated telnet access via arbitrary binary execution. It logs in, downloads the config, modifies Telnet settings, and restores the altered config to trigger the vulnerability.

Description

An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.

Exploits (1)

nomisec WORKING POC 1 stars
by s0tr · poc
https://github.com/s0tr/CVE-2023-33781

This PoC exploits CVE-2023-33781 in D-Link DIR-842V2 v1.0.3 by modifying the backup/restore functionality to enable unauthenticated telnet access via arbitrary binary execution. It logs in, downloads the config, modifies Telnet settings, and restores the altered config to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link DIR-842V2 v1.0.3
Auth required
Prerequisites: Valid credentials for the D-Link router · Network access to the router's web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Broken Link
http://dir-842v2.com
Exploit, Third Party Advisory
https://github.com/s0tr/CVE-2023-33781

Scores

CVSS v3 8.8
EPSS 0.3203
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (1)
dlink/dir-842v2_firmware 1.0.3
Published Jun 07, 2023
Tracked Since Feb 18, 2026