CVE-2025-2717
Published: 25 March 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Security Summary
CVE-2025-2717 is a critical vulnerability in D-Link DIR-823X routers running firmware versions 240126 or 240802. It resides in the sub_41710C function within the /goform/diag_nslookup endpoint of the HTTP POST Request Handler component. The flaw allows OS command injection through manipulation of the target_addr argument, as identified under CWE-77 and CWE-78. The vulnerability was published on 2025-03-25 and carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Attackers can exploit this vulnerability remotely over the network with low complexity, but they need high privileges (PR:H), such as administrative access to the device. Successful exploitation has limited impact: low confidentiality, integrity, and availability effects through injected OS commands.
Advisories from VulDB document the issue (CTI ID 300737) and reference a public exploit disclosure, while a GitHub repository provides detailed analysis and proof-of-concept for the diag_nslookup endpoint. The D-Link website is listed as a reference, though no specific patch details are outlined in the available sources.
The exploit has been publicly disclosed and may be used, increasing the risk for unpatched D-Link DIR-823X devices.
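The CWE-77/CWE-78 pattern described above is closed by allowlisting the value and never handing it to a shell. The following is an added example, not D-Link's code or a vendor patch; `target_addr_is_valid` and `run_nslookup` are hypothetical names, and the allowlist is deliberately narrow (hostnames and dotted IPv4 only).

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: accept only hostname-style input (labels of 1-63 chars
 * from [A-Za-z0-9-], no leading or trailing '-', total length 1-253). */
int target_addr_is_valid(const char *s)
{
    size_t len = 0, i, label = 0;

    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        char c = s[i];
        int alnum = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
                    (c >= 'A' && c <= 'Z');
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;   /* empty label, or label ending in '-' */
            label = 0;
        } else if (alnum || c == '-') {
            if ((c == '-' && label == 0) || ++label > 63)
                return 0;   /* leading '-' would also be parsed as an option */
        } else {
            return 0;       /* shell metacharacters, whitespace, control bytes */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Runs nslookup with an argv array (no shell); -1 means rejected or spawn failure. */
int run_nslookup(const char *target_addr)
{
    pid_t pid;
    int status;

    if (!target_addr_is_valid(target_addr))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("nslookup", "nslookup", target_addr, (char *)NULL);
        _exit(127);         /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the value reaches `execlp` as a single argv element, validation is a second layer rather than the only barrier: even a missed character class cannot start a new command.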
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in the network device's diagnostic endpoint (diag_nslookup) directly enables arbitrary OS command execution on the router.