PT-2025-12801 · D-Link · Dir-823
Published: 2025-03-25 · Updated: 2026-04-23
CVE-2025-29635
CVSS v2.0: 9.0 High (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823X versions 240126 through 240802
Description
A command injection issue allows an authorized attacker to execute arbitrary commands on a remote device by sending a POST request to "/goform/set prohibiting"; the function that handles this request triggers remote command execution.
Recommendations
For versions 240126 through 240802, consider disabling the function that triggers the command injection via the "/goform/set prohibiting" endpoint until a patch is available.
Restrict access to the "/goform/set prohibiting" endpoint to minimize the risk of exploitation.
Exploit
Fix
RCE
Command Injection
Affected Products
Dir-823