High severity7.2CISA KEVNVD Advisory· Published Mar 25, 2025· Updated Apr 24, 2026

CVE-2025-29635

Description

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

Affected products

Dlink/Dir 823x Firmware2 versions
cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:dlink:dir-823x_firmware:240126:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-823x_firmware:240802:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.mdnvdExploitThird Party AdvisoryBroken Link
www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devicesnvdExploitThird Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

27th April – Threat Intelligence Report
Check Point Research · Apr 27, 2026
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA Alerts

cvss	0.468
epss	0.046
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000