CVE-2024-57726: D-Link DIR-823X Series Router

What is CVE-2024-57726?

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

CVSSawaiting NVD

Exploitation In the wild In CISA KEV

Triage statusActive Exploit

ActionPatch immediately

CISA Known Exploited Vulnerability

SimpleHelp Missing Authorization Vulnerability

Added to KEV2026-04-24

Federal patch deadline2026-05-08

Known ransomware useKnown

Affected product

D-Link DIR-823X Series Router

Remediation Steps

Access router administration panel and check current firmware version
Download latest firmware from D-Link support portal for DIR-823X model
Perform factory backup before firmware update
Install firmware update via administration interface
Verify router functionality and change default administrative credentials

References

Coverage on defend.network

Vulnerability Priority Report – Week 4 of April 2026 (April 27 – May 3)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.