VYPR
High severity7.2CISA KEVNVD Advisory· Published Mar 25, 2025· Updated Apr 24, 2026

CVE-2025-29635

CVE-2025-29635

Description

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*
    • cpe:2.3:o:dlink:dir-823x_firmware:240802:*:*:*:*:*:*:*
  • Dlink/DIR-823xllm-fuzzy
    Range: = 240126, 240802

Patches

Vulnerability mechanics

References

3

News mentions

4