High severity7.2CISA KEVNVD Advisory· Published Mar 25, 2025· Updated Apr 24, 2026
CVE-2025-29635
CVE-2025-29635
Description
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-823x_firmware:240802:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.mdnvdExploitThird Party AdvisoryBroken Link
- www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devicesnvdExploitThird Party Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
4- RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoSThe Hacker News · Jun 30, 2026
- 27th April – Threat Intelligence ReportCheck Point Research · Apr 27, 2026
- CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal DeadlineThe Hacker News · Apr 25, 2026
- CISA Adds Four Known Exploited Vulnerabilities to CatalogCISA Alerts