CVE-2025-29635

Published Mar 25, 2025

Last updated 17 days ago

Exploit knownCVSS high 7.2
Zero-day
IoT
Firmware
D-Link DIR-823X

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-29635 describes a command injection vulnerability found in specific firmware versions (240126 and 240802) of D-Link DIR-823X routers. This flaw allows an authorized attacker to execute arbitrary commands on affected remote devices. The vulnerability is triggered by sending a specially crafted POST request to the `/goform/set_prohibiting` function, which can lead to remote command execution. Reports indicate that this vulnerability has been exploited by the Mirai botnet.

Description
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
Source
cve@mitre.org
NVD status
Analyzed
Products
dir-823x_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
D-Link DIR-823X Command Injection Vulnerability
Exploit added on
Apr 24, 2026
Exploit action due
May 8, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score
Not currently trending

  1. The D-Link DIR-823X has a known command injection vulnerability (CVE-2025-29635). SMBs and healthcare orgs should apply vendor mitigations or consider discontinuing use. Stay proactive with ADK Cyber for tailored security support. #Cybersecurity

    @ADKCyber

    8 May 2026

    253 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. The D-Link DIR-823X has a known command injection flaw (CVE-2025-29635). Businesses using this device should apply vendor mitigations or consider alternatives to reduce risk. For tailored guidance, ADK Cyber is here to help. #Cybersecurity

    @ADKCyber

    6 May 2026

    297 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. D-Link DIR-823X has a known command injection vulnerability (CVE-2025-29635). Review vendor guidance and apply recommended mitigations or consider discontinuing use. Staying current helps reduce risk. #CyberSecurity

    @ADKCyber

    6 May 2026

    300 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The D-Link DIR-823X has a known command injection vulnerability (CVE-2025-29635) with a mitigation deadline of May 2026. Businesses should apply vendor patches or discontinue use to reduce risk. ADK Cyber can help assess your device security. #Cybersecurity

    @ADKCyber

    5 May 2026

    276 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. The D-Link DIR-823X router has a known command injection vulnerability (CVE-2025-29635) with a due mitigation date of May 2026. Businesses should review vendor guidance and consider mitigation or replacement options to reduce risks. #Cybersecurity

    @ADKCyber

    4 May 2026

    129 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerability CVE-2025-29635 against D-Link DIR-823X series routers. Full details: https://t.co/5M1SKALnCN

    @akamai_research

    1 May 2026

    435 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-29635: Mirai Botnet Hits Retired D-Link DIR-823X Routers https://t.co/hBJ1FJT6PZ #CVE202529635 #MiraiBotnet #CyberSecurity

    @SelvaKtm2

    30 Apr 2026

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-29635: Mirai Botnet Hits Retired D-Link DIR-823X Routers https://t.co/DCCv0K81ki #CVE202529635 #MiraiBotnet #CyberSecurity

    @CyberInsights1

    28 Apr 2026

    0 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-29635: Mirai Botnet Hits Retired D-Link DIR-823X Routers https://t.co/7eGZLLIhco #CVE202529635 #MiraiBotnet #CyberSecurity

    @cybrsecpath

    28 Apr 2026

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CISA Alerte Critique : Exploitation Active d’une Injection de Commandes sur les Routeurs D-Link DIR-823X (CVE-2025-29635) #NicolasCoolman https://t.co/lvDf09cypA

    @NicolasCoolman

    26 Apr 2026

    221 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Top 5 Trending CVEs: 1 - CVE-2014-6271 2 - CVE-2026-35535 3 - CVE-2024-7399 4 - CVE-2025-29635 5 - CVE-2026-0628 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Apr 2026

    223 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CISA added 4 CVEs to KEV: Samsung MagicINFO (CVE-2024-7399), two SimpleHelp RMM bugs (CVE-2024-57726/57728), D-Link DIR-823X (CVE-2025-29635). RMM remains a top ransomware on-ramp - patch yours hard. https://t.co/HLdbWLw0wQ #infosec #CISA #KEV #ransomware

    @CyberDaily_News

    26 Apr 2026

    163 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA added CVE-2025-29635 to KEV: authenticated command injection in D-Link DIR-823X routers via /goform/set_prohibiting. Device is EoL — no patch coming. If you have one in service, replace it. https://t.co/91MfahnJG9

    @TechTranslators

    25 Apr 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 BREAKING: #BreakingNews CISA adds 4 exploited flaws to KEV catalog: CVE-2024-7399 (Samsung MagicINFO 9 Server), CVE-2024-57726 & CVE-2024-57728 (SimpleHelp), CVE-2025-29635 (D-Link DIR-823X routers). Sets May 2026 federal deadline. #US #Cybersecurity #CISA #KEV https://t

    @Archange_Shadow

    25 Apr 2026

    162 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 【概ね平和】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに4件の脆弱性を追加。Samsung MagicINFO 9 ServerのCVE-2024-7399、SimpleHelpのCVE-2024-57726とCVE-2024-57728、D-Link DIR-823XのC

    @__kokumoto

    24 Apr 2026

    950 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  16. ⚠️ New vulnerability just added to the CISA KEV catalog Command Injection in D-Link DIR-823X (CVE-2025-29635) 📊 CVSS Score: 7.2 (High) 🔐 Authentication required ⚙️ Exploitable in default configuration 🔥 Active exploitation in the wild 🌐 Mixed internet/intern

    @ThreatLevelAI

    24 Apr 2026

    129 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  17. 🔴 D-Link DIR-823X, Command Injection, #CVE-2025-29635 (Critical) https://t.co/wg5Y6Jp6JN

    @dailycve

    24 Apr 2026

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🛡️ Vulnerabilidad CVE-2025-29635 en D-Link DIR-823X: Inyección de Comandos Crítica Analizamos la CVE-2025-29635, una vulnerabilidad de inyección de comandos en routers D-Link DIR-823X con puntuación CVSS 7.2. Impacto, mitigaciones y recomendac https://t.co/YWhhBCLAQs

    @CiberPlanetaOrg

    24 Apr 2026

    133 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🛡️ Alerta de Seguridad: Vulnerabilidad de Inyección de Comandos en D-Link DIR-823X (CVE-2025-29635) La vulnerabilidad CVE-2025-29635 en D-Link DIR-823X permite a atacantes autorizados ejecutar comandos arbitrarios vía POST a /goform/set_prohibiting (CWE-77). Severidad alta

    @CiberPlanetaOrg

    24 Apr 2026

    132 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ‼️ Four vulnerabilities have been added to the CISA KEV Catalog CVE-2025-29635 - D-Link DIR-823X Command Injection Vulnerability CVE-2024-7399 - Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57728 - SimpleHelp Path Traversal Vulnerability CVE-2024-57726

    @DarkWebInformer

    24 Apr 2026

    3949 Impressions

    6 Retweets

    20 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  21. 🚨 A new Mirai botnet campaign is exploiting a critical RCE flaw (CVE-2025-29635) in discontinued D-Link routers. The devices are EoL and will not be patched. Disconnect them now to prevent them from joining a DDoS botnet! #Mirai #Botnet #IoT #DLink 🔗 https://t.co/JvqrtTMDk

    @NetSecIO

    24 Apr 2026

    149 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Nueva campaña maliciosa de Mirai ataca routers D-Link de la serie DIR-823X Una nueva campaña maliciosa de Mirai está explotando la vulnerabilidad CVE-2025-29635 en routers D-Link de la serie DIR-823X https://t.co/ktO2PoHhFn

    @elhackernet

    24 Apr 2026

    1610 Impressions

    7 Retweets

    16 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  23. Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers https://t.co/7AWDSfWcWR

    @ohhara_shiojiri

    24 Apr 2026

    141 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 新たなMiraiの亜種、生産終了のD-Linkルーターを標的に(CVE-2025-29635) | Codebook|Security News https://t.co/lh54FVmL1w

    @ohhara_shiojiri

    24 Apr 2026

    171 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 Active exploitation alert: New Mirai botnet campaign exploiting CVE-2025-29635 (RCE) on End-of-Life D-Link routers. If your network still runs EoL devices, you're volunteering compute power to threat actors. Replace or isolate NOW. #IoTSecurity #Mirai #Botnet #CVE

    @isectech_

    23 Apr 2026

    163 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers https://t.co/lZzSnMc4M3

    @_aircorridor

    23 Apr 2026

    1378 Impressions

    6 Retweets

    8 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  27. *New Mirai activity is exploiting an RCE flaw in end-of-life D-Link routers (CVE-2025-29635)* Why it matters: unpatched EoL edge devices continue to be low-cost botnet fuel for large-scale DDoS and follow-on abuse. Source: https://t.co/EXWcsYU56T

    @gbc13

    23 Apr 2026

    169 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. A hacking gang is actively hijacking D-Link DIR-823X routers using a known security flaw — vulnerability (CVE-2025-29635) — to conscript them into a botnet that launches large-scale attacks on websites and services. D-Link stopped supporting this router model in November 2024

    @cybernewslive

    23 Apr 2026

    174 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  29. 『loads a Mirai malware payload, named “tuxnokill”, which supports various architectures from the same downloader IP address 88.214.20[.]14.』 CVE-2025-29635: Mirai Campaign Targets D-Link Devices | Akamai https://t.co/vJkn953Fah

    @autumn_good_35

    23 Apr 2026

    436 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  30. 🚨 Alerta Mirai em Roteadores D-Link EoL Uma nova campanha Mirai explora a CVE-2025-29635 em roteadores D-Link DIR-823X que atingiram o fim da vida útil (EoL). Milhões de dispositivos sem suporte se tornam alvos fáceis, transformando redes domésticas em botnets para ataqu

    @EloViral

    23 Apr 2026

    134 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Router D-Link sotto attacco: la botnet Mirai sfrutta la CVE-2025-29635 per creare un esercito di “Zombie” Botnet, Akamai, D-Link, Mirai, Mirai tuxnokill https://t.co/3QmBB9fxlD https://t.co/598dnjhrWn

    @matricedigitale

    23 Apr 2026

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 新たなMiraiの亜種、生産終了のD-Linkルーターを標的に(CVE-2025-29635) | Codebook|Security News https://t.co/D2ZjMn2wlN >>このマルウェアには、「AI. NEEDS. TO. DIE(AIは死すべき)」という珍しいメッセージがハードコ

    @ragemax

    23 Apr 2026

    473 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Mirai botnet exploits CVE-2025-29635 command injection flaw in discontinued D-Link DIR-823X routers via crafted POST requests. Akamai observed active exploitation starting March 2026, one year after PoC disclosure. #DFIR_Radar https://t.co/6wTi7prC4p

    @DFIR_Radar

    23 Apr 2026

    279 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers https://t.co/9lSbimTX8X

    @PVynckier

    23 Apr 2026

    130 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. ⚠️新たなMiraiの亜種、生産終了のD-Linkルーターを標的に(CVE-2025-29635) 〜サイバーアラート4月23日〜 https://t.co/M0j3nuJsMS

    @MachinaRecord

    23 Apr 2026

    210 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers https://t.co/AidvJmhvu4

    @Dinosn

    23 Apr 2026

    1019 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 Acaba de confirmarse: Mirai Botnet está explotando la vulnerabilidad CVE-2025-29635 en routers D-Link legacy para targeting dispositivos vulnerables. El botnet Mirai está atacando a routers D-Link de generaciones anteriores, aprovechando una vulnerabilidad de inyección d

    @BotBauR

    23 Apr 2026

    132 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 𝐍𝐞𝐰 𝐌𝐢𝐫𝐚𝐢 𝐜𝐚𝐦𝐩𝐚𝐢𝐠𝐧 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐬 𝐑𝐂𝐄 𝐟𝐥𝐚𝐰 𝐢𝐧 𝐄𝐨𝐋 𝐃-𝐋𝐢𝐧𝐤 𝐫𝐨𝐮𝐭𝐞𝐫𝐬 • A Mirai-based malware campaign is exploiting CVE-2025-29635 in D-L

    @PurpleOps_io

    23 Apr 2026

    132 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  39. A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. https://t.co/8SCCeJmkWU #DLink #Router #Malware #ENETechnologyServicesGlendora

    @enetechnologys2

    23 Apr 2026

    213 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. A new Mirai campaign exploits CVE-2025-29635 in EoL D-Link DIR-823X routers, using POST to /goform/set_prohibiting for RCE and deploying the multi-arch variant "tuxnokill." Detected globally in March 2026. #DLink #MiraiBotnet #USA https://t.co/VEPgHVjuZ5

    @TweetThreatNews

    23 Apr 2026

    243 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Attackers exploiting CVE-2025-29635 in D-Link routers are downloading Mirai malware through command injection at the /goform/set_prohibiting endpoint. TRC analysis shows the 'tuxnokill' variant establishes C2 channels to orchestrate coordinated DDoS campaigns from compromised

    @aviatrixtrc

    22 Apr 2026

    142 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Akamai's SIRT reports Mirai is actively exploiting CVE-2025-29635 to weaponize legacy D-Link DIR-823X routers via crafted POST requests, dropping a Mirai variant and fetching malware from external hosts. https://t.co/BsaQMJVm7d

    @Cyber_O51NT

    22 Apr 2026

    805 Impressions

    2 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. MiraiボットネットはCVE-2025-29635を悪用し、旧型のD-Linkルーターを標的にしている Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers #SecurityAffairs (Apr 22) https://t.co/UTIWRYJcH5

    @foxbook

    22 Apr 2026

    326 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Mirai 기반 멀웨어 캠페인이 수명 종료(EoL)된 D-Link DIR-823X 라우터의 명령주입 취약점(CVE-2025-29635)을 적극 악용해 기기를 봇넷에 편입시키고 있다. https://t.co/9R20QovBXL

    @ngnicky

    22 Apr 2026

    175 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Mirai Botnet Exploits D-Link Router Flaw CVE-2025-29635 #cve202529635 #dlinkrouter #miraibotnet

    @kaxm231

    22 Apr 2026

    132 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Mirai Botnet Exploits D-Link Router Flaw CVE-2025-29635 #cve202529635 #dlinkrouter #miraibotnet https://t.co/nUST8rUEHP

    @Anavem_

    22 Apr 2026

    151 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Mirai hits CVE-2025-29635 in EOL D-Link DIR-823X routers a year after PoC. No patch - forever-day IoT. https://t.co/l4ZEciMxh3 #infosec #IoT #Mirai

    @CyberDaily_News

    22 Apr 2026

    142 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 BREAKING: #BreakingNews Mirai botnet exploits CVE-2025-29635 command-injection flaw in EOL D-Link DIR-823X routers via crafted POST requests to build botnet. Akamai SIRT observed active attacks.[127 chars] #DLink #Mirai #Cybersecurity https://t.co/B7RzL9EvHJ

    @Archange_Shadow

    22 Apr 2026

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. New Mirai-based campaign exploits CVE-2025-29635, a high-severity command-injection flaw in EOL D-Link DIR-823X routers, turning affected devices into a botnet. Learn more: https://t.co/zZ4T8RrmQJ

    @trubetech

    22 Apr 2026

    129 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. A revived Mirai botnet campaign is exploiting CVE-2025-29635 to compromise legacy D-Link routers, turning outdated devices into powerful tools for large-scale cyberattacks. https://t.co/vn9cgURtey

    @rfeio

    22 Apr 2026

    139 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In the Linux kernel, the following vulnerability has been resolved: comedi: me_daq: Fix potential overrun of firmware buffer `me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream. Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.CVE-2026-31748
  2. Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.CVE-2024-54011
  3. Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.CVE-2026-21515
  4. A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.CVE-2026-25775
  5. Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.CVE-2026-33825

References

Sources include official advisories and independent security research.