
D-Link DIR-823X Command Injection CVE-2025-29635

Source: CISA Known Exploited Vulnerabilities (KEV)

Summary

A command injection vulnerability (CVE-2025-29635) in D-Link DIR-823X firmware versions 240126 and 240802 allows an authorized attacker to execute arbitrary commands by sending a POST request to /goform/set_prohibiting. CISA has catalogued this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation and a binding remediation obligation for federal agencies under BOD 22-01. The flaw carries a CVSS 3.1 score of 7.2 (HIGH) and is classified as CWE-77 Improper Neutralization of Special Elements used in a Command.

“A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.”

CISA, verbatim from source
Published by CISA on cve.org. Detected, standardized, and enriched by GovPing.


What changed

CISA added CVE-2025-29635, a command injection vulnerability in D-Link DIR-823X routers, to its Known Exploited Vulnerabilities catalog. The vulnerability affects firmware versions 240126 and 240802 and allows an authorized attacker with access to the device to execute arbitrary commands by sending a crafted POST request to the /goform/set_prohibiting endpoint, resulting in full system compromise.

Organizations operating D-Link DIR-823X devices must treat this as an urgent remediation priority. Inclusion in the CISA KEV catalog triggers mandatory remediation timelines for federal civilian agencies under Binding Operational Directive 22-01. All affected entities should apply vendor patches immediately upon availability, apply network-level mitigations such as restricting access to management interfaces, and monitor for indicators of exploitation.
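The paragraph above recommends restricting access to the management interface and monitoring for indicators of exploitation. The following is an added example, not part of the GovPing page or of any D-Link or CISA material: a small detector that reads web-server access lines (Common Log Format) and flags POST requests to the /goform/set_prohibiting endpoint named in the CVE record, escalating when the request did not originate from the administrative network. The management allow-list (192.168.0.0/24) and the log lines are constructed assumptions; the DIR-823X exposes no such log format itself, so in practice the input would come from a proxy, IDS, or packet capture in front of the device.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Endpoint named in the CVE-2025-29635 record.
TARGET_PATH = "/goform/set_prohibiting"

# Hypothetical management allow-list: the only range expected to reach the
# router's web administration interface. Replace with the real one.
ADMIN_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]

# Constructed sample traffic in Common Log Format (not real captures).
SAMPLE_LOG = """\
192.168.0.10 - - [25/Apr/2026:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.45 - - [25/Apr/2026:10:02:14 +0000] "POST /goform/set_prohibiting HTTP/1.1" 200 17
192.168.0.10 - - [25/Apr/2026:10:03:00 +0000] "POST /goform/set_prohibiting HTTP/1.1" 200 17
203.0.113.45 - - [25/Apr/2026:10:04:00 +0000] "GET /goform/login HTTP/1.1" 200 1024
"""

# ip ident user [timestamp] "METHOD path PROTO" status size
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')


@dataclass
class Request:
    src_ip: str
    timestamp: str
    method: str
    path: str
    status: int


@dataclass
class Finding:
    line_no: int
    src_ip: str
    severity: str
    reason: str


def parse_access_line(line: str) -> Optional[Request]:
    """Parse one CLF line; return None for lines that do not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, _size = m.groups()
    return Request(ip, ts, method, path, int(status))


def from_admin_network(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETWORKS)


def classify(req: Request) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for a suspicious request, else None."""
    outside = not from_admin_network(req.src_ip)
    if req.method == "POST" and req.path == TARGET_PATH:
        # The vulnerable function is reached by authenticated users, so even a
        # POST from the admin network deserves review; from outside it is urgent.
        return ("high" if outside else "medium"), "POST to CVE-2025-29635 endpoint"
    if outside and req.path.startswith("/goform/"):
        return "medium", "management endpoint reached from outside the admin network"
    return None


def scan(lines) -> List[Finding]:
    findings: List[Finding] = []
    for n, line in enumerate(lines, start=1):
        req = parse_access_line(line)
        if req is None:
            continue
        verdict = classify(req)
        if verdict:
            findings.append(Finding(n, req.src_ip, verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"line {f.line_no}: {f.severity.upper():6} {f.src_ip} {f.reason}")
```

Over the constructed sample the scan yields one high finding (POST to the endpoint from 203.0.113.45, outside the allow-list) and two medium ones; the GET to /index.html from the admin network produces nothing. The allow-list check is the part worth keeping even after patching, since it also surfaces the exposure that the "restrict access to management interfaces" recommendation is meant to remove.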

Archived snapshot

Apr 25, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Required CVE Record Information

CNA: MITRE Corporation

Updated: 2025-03-25

Product Status: Information not provided

References: 1 total

Authorized Data Publishers: CISA-ADP (provides SSVC and KEV, plus CVSS and CWE if not provided by the CNA)

SSVC (1 total)

| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | no | total | 2.0.3 | 2026-04-24 |

KEV (1 total)

- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29635 (2026-04-24)

CWE (1 total)

- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS (1 total)

| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 7.2 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |


What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CISA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

- Agency: CISA
- Published: March 25th, 2025
- Instrument: Notice
- Branch: Executive
- Legal weight: Non-binding
- Stage: Final
- Change scope: Substantive

Who this affects

- Applies to: Manufacturers; Government agencies
- Industry sector: 5170 Telecommunications; 5112 Software & Technology
- Activity scope: Vulnerability disclosure; Network device security; Firmware remediation
- Geographic scope: United States (US)

Taxonomy

- Primary area: Cybersecurity
- Operational domain: IT Security
- Compliance frameworks: NIST CSF
- Topics: Consumer Protection; Telecommunications
