Threat Intelligence / CVE / CVE-2026-2129

CVE-2026-2129

CVSS 7.2 (HIGH) · EPSS 0.1% · Published 2026-02-08

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77, CWE-78

Threats tracking this CVE

CVE-2025-29635 — Mirai Variant Campaign Recruiting D-Link DIR-823X Routers via /goform/set_prohibiting Command Injection — HIGH

References

https://github.com/master-abc/cve/issues/23
https://vuldb.com/?ctiid.344764
https://vuldb.com/?id.344764
https://vuldb.com/?submit.746935
https://www.dlink.com/

Full detection coverage & IOCs for threats exploiting CVE-2026-2129 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence