Description
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.
References (5)
Core 5
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.343479
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.343479
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.740886
Issue Tracking exploit
issue-tracking
https://github.com/master-abc/cve/issues/17
Various Sources product
https://www.dlink.com/
Scores
CVSS v3
3.7
EPSS
0.0099
EPSS Percentile
57.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-307
CWE-799
Status
published
Products (1)
dlink/dir-823x_firmware
250416
Published
Jan 30, 2026
Tracked Since
Feb 18, 2026