Command Injection Vulnerability in D-Link DIR-823X Products
CVE-2025-29635

8.8HIGH

Key Information:

Vendor: D-Link
Status: DIR-823X
Vendor: CVE Published:; 25 March 2025

Summary

A command injection vulnerability exists in the D-Link DIR-823X series, specifically affecting versions 240126 and 240802. This flaw allows an authorized attacker to execute arbitrary commands on the affected devices by sending specially crafted POST requests to the /goform/set_prohibiting endpoint. If exploited, this vulnerability enables the attacker to gain unauthorized access and control over potentially sensitive functions, posing significant risks to system integrity and user confidentiality.

References

https://github.com/mono7s/Dir-823x/blob/main/set_prohibit...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 11, 2025