[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-29635":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-25T12:20:59.409Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":52,"aliases":70,"duplicate_of":9,"upstream":71,"downstream":72,"duplicates":73,"related":74,"reserved_at":9,"published_at":75,"modified_at":76,"state":77,"summary":78,"references_raw":88,"kevs":106,"epss":117,"epss_history":119,"metrics":381,"affected":389},"CVE-2025-29635","A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48],{"id":21,"name":22,"techniques":23},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":33,"name":34,"techniques":35},"CAPEC-248","Command Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":41,"name":42,"techniques":43},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":45,"name":46,"techniques":47},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":49,"name":50,"techniques":51},"CAPEC-76","Manipulating Web Input to File System Calls",[],[53,62],{"_key":54,"name":55,"source":56,"url":57,"maturity":58,"reliability_score":59,"verified":60,"type":9,"platforms":61,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_MONO7S_DIR-823X","Dir 823X","github","https://github.com/mono7s/Dir-823x/blob/main/diag_nslookup/diag_nslookup.md","poc",0.3,false,[],{"_key":63,"name":64,"source":65,"url":66,"maturity":67,"reliability_score":68,"verified":60,"type":9,"platforms":69,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_5A9D302BA5E3F6FD","Exploit Reference (akamai.com)","reference","https://www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devices","unknown",0.2,[],[],[],[],[],[],"2025-03-25T00:00:00.000Z","2026-04-25T03:55:37.481Z","Analyzed",{"cisa_kev":79,"cisa_ransomware":60,"cisa_vendor":80,"epss_severity":81,"epss_score":82,"severity":83,"severity_score":84,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":77},true,"D-Link","low",0.0125,"high",7.2,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",[89,97,100],{"url":90,"sources":91,"tags":93},"https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md",[86,92],"nvd",[94,95,96],"Exploit","Third Party Advisory","Broken Link",{"url":66,"sources":98,"tags":99},[86,92],[95,94],{"url":101,"sources":102,"tags":103},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29635",[86,92],[104,105],"Government Resource","US Government Resource",[107],{"source":108,"vendor":80,"product":109,"date_added":110,"vulnerability_name":111,"short_description":112,"required_action":113,"due_date":114,"known_ransomware_campaign_use":115,"notes":116,"exploitation_type":9},"cisa","DIR-823X","2026-04-24","D-Link DIR-823X Command Injection Vulnerability","D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-05-08","Unknown","https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635",{"date":110,"score":82,"percentile":118},0.79381,[120,124,127,130,133,136,138,141,143,145,148,151,154,157,160,164,167,170,173,176,179,182,185,188,191,195,198,201,204,207,210,213,216,219,222,225,229,232,235,238,241,244,247,250,253,256,259,261,264,266,269,272,275,277,280,283,286,289,292,295,298,301,303,306,309,312,315,318,320,323,325,327,330,333,336,339,342,346,349,352,355,358,361,363,365,368,371,374,376,378],{"date":121,"score":122,"percentile":123},"2025-11-04",0.0132,0.79218,{"date":125,"score":122,"percentile":126},"2025-11-05",0.79217,{"date":128,"score":122,"percentile":129},"2025-11-06",0.79215,{"date":131,"score":122,"percentile":132},"2025-11-07",0.79228,{"date":134,"score":122,"percentile":135},"2025-11-08",0.79235,{"date":137,"score":122,"percentile":132},"2025-11-09",{"date":139,"score":122,"percentile":140},"2025-11-10",0.79216,{"date":142,"score":122,"percentile":123},"2025-11-11",{"date":144,"score":122,"percentile":135},"2025-11-12",{"date":146,"score":122,"percentile":147},"2025-11-13",0.79244,{"date":149,"score":122,"percentile":150},"2025-11-14",0.7925,{"date":152,"score":122,"percentile":153},"2025-11-15",0.79251,{"date":155,"score":122,"percentile":156},"2025-11-16",0.79252,{"date":158,"score":122,"percentile":159},"2025-11-17",0.79247,{"date":161,"score":162,"percentile":163},"2025-11-18",0.01188,0.77013,{"date":165,"score":162,"percentile":166},"2025-11-19",0.7702,{"date":168,"score":162,"percentile":169},"2025-11-20",0.77029,{"date":171,"score":122,"percentile":172},"2025-11-21",0.79273,{"date":174,"score":122,"percentile":175},"2025-11-22",0.79277,{"date":177,"score":122,"percentile":178},"2025-11-23",0.79265,{"date":180,"score":122,"percentile":181},"2025-11-24",0.79264,{"date":183,"score":122,"percentile":184},"2025-11-25",0.79268,{"date":186,"score":122,"percentile":187},"2025-11-26",0.79269,{"date":189,"score":122,"percentile":190},"2025-11-27",0.79271,{"date":192,"score":193,"percentile":194},"2025-11-28",0.01481,0.80397,{"date":196,"score":193,"percentile":197},"2025-11-29",0.804,{"date":199,"score":193,"percentile":200},"2025-11-30",0.80403,{"date":202,"score":193,"percentile":203},"2025-12-01",0.80488,{"date":205,"score":193,"percentile":206},"2025-12-02",0.80492,{"date":208,"score":193,"percentile":209},"2025-12-03",0.80491,{"date":211,"score":193,"percentile":212},"2025-12-04",0.80405,{"date":214,"score":193,"percentile":215},"2025-12-05",0.80412,{"date":217,"score":193,"percentile":218},"2025-12-06",0.80415,{"date":220,"score":193,"percentile":221},"2025-12-07",0.80417,{"date":223,"score":193,"percentile":224},"2025-12-08",0.80421,{"date":226,"score":227,"percentile":228},"2025-12-09",0.01552,0.80887,{"date":230,"score":227,"percentile":231},"2025-12-10",0.80913,{"date":233,"score":227,"percentile":234},"2025-12-11",0.80925,{"date":236,"score":227,"percentile":237},"2025-12-12",0.80939,{"date":239,"score":227,"percentile":240},"2025-12-13",0.80938,{"date":242,"score":227,"percentile":243},"2025-12-14",0.80935,{"date":245,"score":227,"percentile":246},"2025-12-15",0.80932,{"date":248,"score":227,"percentile":249},"2025-12-16",0.80942,{"date":251,"score":227,"percentile":252},"2025-12-17",0.8095,{"date":254,"score":227,"percentile":255},"2025-12-18",0.80969,{"date":257,"score":227,"percentile":258},"2025-12-19",0.80975,{"date":260,"score":227,"percentile":255},"2025-12-20",{"date":262,"score":227,"percentile":263},"2025-12-21",0.80963,{"date":265,"score":227,"percentile":263},"2025-12-22",{"date":267,"score":227,"percentile":268},"2025-12-23",0.80967,{"date":270,"score":227,"percentile":271},"2025-12-24",0.8098,{"date":273,"score":227,"percentile":274},"2025-12-25",0.80997,{"date":276,"score":227,"percentile":274},"2025-12-26",{"date":278,"score":227,"percentile":279},"2025-12-27",0.81035,{"date":281,"score":227,"percentile":282},"2025-12-28",0.80984,{"date":284,"score":227,"percentile":285},"2025-12-29",0.80982,{"date":287,"score":227,"percentile":288},"2025-12-30",0.80989,{"date":290,"score":227,"percentile":291},"2025-12-31",0.81002,{"date":293,"score":227,"percentile":294},"2026-01-01",0.81081,{"date":296,"score":227,"percentile":297},"2026-01-02",0.81078,{"date":299,"score":227,"percentile":300},"2026-01-03",0.81072,{"date":302,"score":227,"percentile":282},"2026-01-04",{"date":304,"score":227,"percentile":305},"2026-01-05",0.80979,{"date":307,"score":227,"percentile":308},"2026-01-06",0.80983,{"date":310,"score":227,"percentile":311},"2026-01-07",0.80986,{"date":313,"score":227,"percentile":314},"2026-01-08",0.80995,{"date":316,"score":227,"percentile":317},"2026-01-09",0.80996,{"date":319,"score":227,"percentile":274},"2026-01-10",{"date":321,"score":227,"percentile":322},"2026-01-11",0.8099,{"date":324,"score":227,"percentile":285},"2026-01-12",{"date":326,"score":227,"percentile":305},"2026-01-13",{"date":328,"score":227,"percentile":329},"2026-01-14",0.81,{"date":331,"score":227,"percentile":332},"2026-01-15",0.81001,{"date":334,"score":227,"percentile":335},"2026-01-16",0.8101,{"date":337,"score":227,"percentile":338},"2026-01-17",0.81018,{"date":340,"score":227,"percentile":341},"2026-01-18",0.81008,{"date":343,"score":344,"percentile":345},"2026-01-19",0.0164,0.81508,{"date":347,"score":344,"percentile":348},"2026-01-20",0.81512,{"date":350,"score":344,"percentile":351},"2026-01-21",0.81518,{"date":353,"score":344,"percentile":354},"2026-01-22",0.81527,{"date":356,"score":344,"percentile":357},"2026-01-23",0.81552,{"date":359,"score":344,"percentile":360},"2026-01-24",0.81559,{"date":362,"score":344,"percentile":357},"2026-01-25",{"date":364,"score":344,"percentile":357},"2026-01-26",{"date":366,"score":344,"percentile":367},"2026-01-27",0.81551,{"date":369,"score":344,"percentile":370},"2026-01-28",0.81549,{"date":372,"score":344,"percentile":373},"2026-01-29",0.81547,{"date":375,"score":344,"percentile":373},"2026-01-30",{"date":377,"score":344,"percentile":357},"2026-01-31",{"date":379,"score":344,"percentile":380},"2026-02-01",0.81633,[382,387],{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":383,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":384,"vectorString":87,"impactScore":385,"exploitabilityScore":386},"HIGH",9.8,3.1,{"source":92,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":388,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":384,"vectorString":87,"impactScore":385,"exploitabilityScore":386},[390],{"ecosystem":9,"name":391,"vendor":392,"product":393,"cpe_part":394,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":395},"dir-823x firmware","dlink","dir-823x_firmware","o",[396,399],{"version":397,"is_range":60,"range_type":398,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"240126","cpe",{"version":400,"is_range":60,"range_type":398,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"240802"]