CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote comma...
CVE-2025-29635CVSS 7.2CISA KEVKnown Exploited

CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote comma...

CVSS
7.2 HIGH
EPSS
99.73%
Known exploited
yes
Product
DIR-823X

What is known

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

Sources