ID

VAR-202504-1354


CVE

CVE-2025-29039


TITLE

Code injection vulnerability in D-Link Systems, Inc. DIR-823X firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004059

DESCRIPTION

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8. A code injection vulnerability exists in the firmware of the DIR-823X from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-832x is a wireless router from D-Link, a Chinese company. D-Link DIR-832x has a code injection vulnerability, which is caused by the function 0x41dda8 failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-29039 // JVNDB: JVNDB-2025-004059 // CNVD: CNVD-2025-11315

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11315

AFFECTED PRODUCTS

vendor: dlink, model: dir-823x, scope: eq, version: 240802

Trust: 1.0

vendor: d link, model: dir-823x, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-823x, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-823x, scope: eq, version: dir-823x firmware 240802

Trust: 0.8

vendor: d link, model: dir-832x, scope: eq, version: 240802

Trust: 0.6

sources: CNVD: CNVD-2025-11315 // JVNDB: JVNDB-2025-004059 // NVD: CVE-2025-29039

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-29039
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-004059
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-11315
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-11315
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-29039
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004059
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11315 // JVNDB: JVNDB-2025-004059 // NVD: CVE-2025-29039

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.0

problemtype:Code injection (CWE-94) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004059 // NVD: CVE-2025-29039

EXTERNAL IDS

db: NVD, id: CVE-2025-29039

Trust: 3.2

db: JVNDB, id: JVNDB-2025-004059

Trust: 0.8

db: CNVD, id: CNVD-2025-11315

Trust: 0.6

sources: CNVD: CNVD-2025-11315 // JVNDB: JVNDB-2025-004059 // NVD: CVE-2025-29039

REFERENCES

url:https://gist.github.com/xyqer1/734fd1d93e4c08cea55dcb1e8b189a2b

Trust: 2.4

url:https://github.com/xyqer1/dlink-dir-823x-set_ntp-year-commandinjection

Trust: 1.8

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-29039

Trust: 0.8

sources: CNVD: CNVD-2025-11315 // JVNDB: JVNDB-2025-004059 // NVD: CVE-2025-29039

SOURCES

db: CNVD, id: CNVD-2025-11315
db: JVNDB, id: JVNDB-2025-004059
db: NVD, id: CVE-2025-29039

LAST UPDATE DATE

2025-06-05T23:18:37.487000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11315, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-004059, date: 2025-04-28T01:15:00
db: NVD, id: CVE-2025-29039, date: 2025-04-25T18:28:39.133

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11315, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-004059, date: 2025-04-28T00:00:00
db: NVD, id: CVE-2025-29039, date: 2025-04-17T17:15:32.797