ID

VAR-202504-2957


CVE

CVE-2025-29042


TITLE

OS command injection vulnerability in D-Link Systems, Inc. DIR-823X firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004071

DESCRIPTION

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c. An OS command injection vulnerability exists in the firmware of the D-Link Systems, Inc. DIR-823X. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). D-Link DIR-832x is a wireless router from D-Link of China. D-Link DIR-832x has a command injection vulnerability, which is caused by the macaddr key value and function 0x42232c failing to properly filter special characters and commands when constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-29042 // JVNDB: JVNDB-2025-004071 // CNVD: CNVD-2025-11316

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11316

AFFECTED PRODUCTS

vendor: dlink, model: dir-823x, scope: eq, version: 240802

Trust: 1.0

vendor: d link, model: dir-823x, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-823x, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-823x, scope: eq, version: dir-823x firmware 240802

Trust: 0.8

vendor: d link, model: dir-832x, scope: eq, version: 240802

Trust: 0.6

sources: CNVD: CNVD-2025-11316 // JVNDB: JVNDB-2025-004071 // NVD: CVE-2025-29042

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-29042
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004071
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-11316
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-11316
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-29042
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004071
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11316 // JVNDB: JVNDB-2025-004071 // NVD: CVE-2025-29042

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004071 // NVD: CVE-2025-29042

EXTERNAL IDS

db: NVD, id: CVE-2025-29042

Trust: 3.2

db: JVNDB, id: JVNDB-2025-004071

Trust: 0.8

db: CNVD, id: CNVD-2025-11316

Trust: 0.6

sources: CNVD: CNVD-2025-11316 // JVNDB: JVNDB-2025-004071 // NVD: CVE-2025-29042

REFERENCES

url:https://gist.github.com/xyqer1/841e78a3c4029808dac8c439595a1358

Trust: 2.4

url:https://github.com/xyqer1/dlink-dir-823x-set_prohibiting-macaddr-commandinjection

Trust: 1.8

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-29042

Trust: 0.8

sources: CNVD: CNVD-2025-11316 // JVNDB: JVNDB-2025-004071 // NVD: CVE-2025-29042

SOURCES

db: CNVD, id: CNVD-2025-11316
db: JVNDB, id: JVNDB-2025-004071
db: NVD, id: CVE-2025-29042

LAST UPDATE DATE

2025-06-05T23:11:54.989000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11316, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-004071, date: 2025-04-28T09:13:00
db: NVD, id: CVE-2025-29042, date: 2025-04-25T18:32:08.817

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11316, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-004071, date: 2025-04-28T00:00:00
db: NVD, id: CVE-2025-29042, date: 2025-04-17T16:15:38.560