Analysis Summary

CVE-2025-2360 CVSS:7.3

A critical vulnerability exists in D-Link DIR-823G version 1.0.2B05_20181207. The issue is found in the UPnP Service, specifically within the SetUpnpSettings function of the /HNAP1/ file. By manipulating the SOAPAction argument, an attacker can achieve improper authorization. This vulnerability allows remote attackers to launch attacks. The exploit details have been publicly disclosed, indicating potential active use. The security flaw exclusively impacts unsupported D-Link products, which no longer receive maintenance or security updates from the manufacturer.

CVE-2025-2359 CVSS:7.3

A critical vulnerability exists in D-Link DIR-823G version 1.0.2B05_20181207. The issue is in the DDNS Service's SetDDNSSettings function within the /HNAP1/ file. An attacker can manipulate the SOAPAction argument to bypass authorization controls. This vulnerability allows remote attacks and can be potentially exploited. The security flaw specifically impacts unsupported D-Link products, increasing the risk for users of these older devices.

Impact

• Gain Access
• Code Execution

Indicators of Compromise

CVE

• CVE-2025-2360

• CVE-2025-2359

Affected Vendors

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website