Today CISA announced that it had added command injection vulnerability (CVE-2025-29635) in the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router. The vulnerability was originally reported (with proof-of-concept code) by Wang Jinshuai and Zhao Jiangting at https://github.com/mono7s/, but that report was subsequently removed. D-Link responded in September 2025, noting that the router was end-of-life and no fix was planned.
Earlier this month Akamai reported that they had seen CVE-2025-29635 being exploited in their honey pots to deploy the Mirai botnet
CISA has directed federal agencies using the wireless router to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of May 8th, 2026 has been established. Since the product is end-of-life and no fix is available, agencies would be required to stop using the D-Link DIR-823X routers.
Posts
No comments:
Post a Comment