COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-29635

CVE-2025-29635

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-24
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-29635
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildsupply-chainunpatched

D-Link DIR-823X router allows remote command execution via POST request to /goform/set_prohibiting endpoint.

This command injection vulnerability enables remote code execution on D-Link DIR-823X devices, which are often deployed in unsecured IoT environments. DIB organizations must immediately revoke access to these devices and replace them with patched hardware to prevent unauthorized access to internal networks. The vendor has not provided a patch, and the product is potentially end-of-life, leaving organizations exposed to lateral movement attacks.

Shame score — A critical RCE vulnerability in a widely deployed consumer router that is potentially end-of-life, with no vendor patch available.

Players implicated

D-Link · vendorDIR-823X · product

Description

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.