CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-55848

An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by '&'to allow injection of reverse connection commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.9%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/meigui637/iot_zone/blob/main/%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
https://www.dlink.com/en/security-bulletin/

Products affected by CVE-2025-55848

Dlink » Dir-823x » Version: N/A

cpe:2.3:h:dlink:dir-823x:-
Dlink » Dir-823x Firmware » Version: 2025-04-16

cpe:2.3:o:dlink:dir-823x_firmware:2025-04-16

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55848

Products

Pricing

Contact Us