Vulnerability Details CVE-2025-29635
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.668
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 7.2
Proposed Action
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-29635
-
cpe:2.3:h:dlink:dir-823x:-
-
cpe:2.3:o:dlink:dir-823x_firmware:240126
-
cpe:2.3:o:dlink:dir-823x_firmware:240802