ID

VAR-202504-1973


CVE

CVE-2025-29043


TITLE

OS command injection vulnerability in D-Link Systems, Inc. DIR-823X firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004070

DESCRIPTION

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. The firmware of D-Link Systems, Inc. DIR-823X contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-823X is a wireless router from D-Link, a Chinese company. D-Link DIR-832x has a command injection vulnerability, which is caused by the failure of function 0x417234 to properly filter special characters and commands when constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-29043 // JVNDB: JVNDB-2025-004070 // CNVD: CNVD-2025-11314

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11314

AFFECTED PRODUCTS

vendor: dlink, model: dir-823x, scope: eq, version: 240802

Trust: 1.0

vendor: d link, model: dir-823x, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-823x, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-823x, scope: eq, version: dir-823x firmware 240802

Trust: 0.8

vendor: d link, model: dir-832x, scope: eq, version: 240802

Trust: 0.6

sources: CNVD: CNVD-2025-11314 // JVNDB: JVNDB-2025-004070 // NVD: CVE-2025-29043

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-29043
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004070
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-11314
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-11314
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-29043
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004070
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11314 // JVNDB: JVNDB-2025-004070 // NVD: CVE-2025-29043

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004070 // NVD: CVE-2025-29043

EXTERNAL IDS

db: NVD, id: CVE-2025-29043

Trust: 3.2

db: JVNDB, id: JVNDB-2025-004070

Trust: 0.8

db: CNVD, id: CNVD-2025-11314

Trust: 0.6

sources: CNVD: CNVD-2025-11314 // JVNDB: JVNDB-2025-004070 // NVD: CVE-2025-29043

REFERENCES

url:https://gist.github.com/xyqer1/d5a5b18743b7a2fcbc0f93001d8e2ad9

Trust: 2.4

url:https://github.com/xyqer1/dlink-dir-823x-diag_traceroute-target_addr-commandinjection

Trust: 1.8

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-29043

Trust: 0.8

sources: CNVD: CNVD-2025-11314 // JVNDB: JVNDB-2025-004070 // NVD: CVE-2025-29043

SOURCES

db: CNVD, id: CNVD-2025-11314
db: JVNDB, id: JVNDB-2025-004070
db: NVD, id: CVE-2025-29043

LAST UPDATE DATE

2025-06-05T23:18:07.535000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11314, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-004070, date: 2025-04-28T09:13:00
db: NVD, id: CVE-2025-29043, date: 2025-04-25T18:32:43.667

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11314, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-004070, date: 2025-04-28T00:00:00
db: NVD, id: CVE-2025-29043, date: 2025-04-17T16:15:38.657