CVE-2023-25280CISA KEVEPSS p99.9%

CVE-2023-25280D-Link DIR-820 Router OS Command Injection Vulnerability

D-Link / DIR-820 Router

Description

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

Scoring

EPSS98.05% probability of exploitation · percentile 99.9% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2024-09-30

(incoming)1

TypeTargetConfidenceTier
KEVEntryD-Link DIR-820 Router OS Command Injection Vulnerabilitykev-cve-2023-252800%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10401
CVE
CVE-2025-11096
CVE
D-Link DIR-820L Remote Code Execution Vulnerability
CVE
CVE-2025-10034
CVE
CVE-2025-44084
CVE
CVE-2025-52079
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.