CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability

Summary

A command injection vulnerability (CVE-2025-29635) has been identified in D-Link DIR-823X devices. This flaw allows authenticated attackers to execute arbitrary commands remotely by sending a crafted POST request. The affected devices may be end-of-life, and users are advised to discontinue their use or apply vendor-provided mitigations.

IFF Assessment

FOE

This vulnerability allows for remote code execution, posing a significant threat to the security and integrity of affected devices.

Severity

7.2 High

Exploitation requires authentication and uses a network attack vector, with High integrity and High availability impact, indicating a critical vulnerability that allows for arbitrary command execution. The score is estimated based on the description of command injection and its potential impact.

CISA KEV: Listed as actively exploited. Federal patch due: May 08, 2026. Known ransomware use: Unknown.

Defender Context

This command injection vulnerability in D-Link routers represents a critical risk as it enables remote attackers to gain control of affected devices. Defenders should prioritize identifying and decommissioning or isolating these EoL/EoS devices. Monitoring for unusual network traffic originating from these devices is also crucial.
