VulnerabilityBleeping Computer
8.8 — CRITICAL
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in D-Link DIR-823X routers, to enlist devices into the botnet. This is the first time in-the-wild active exploitation has been observed.
⚙️Technical Details
CVEs
CVE-2025-29635CVE-2023-1389
Affected Systems
Dlink Dir-823XTP-Link Archer AX21
Attack Vectors
NETWORKADJACENT_NETWORK
💥Impact Assessment
Severity: HIGH
Who Is at Risk
Users of affected D-Link DIR-823X routers and TP-Link Archer AX21 devices that have reached end of life (EoL)
🛡️Recommended Actions
1Upgrade to a newer model with active support and frequent security fixes
2Disable remote administration portals if not needed
3Change default admin passwords and monitor for unexpected configuration changes
📦Affected Products
Dlink Dir-823XDlink Dir-823X FirmwareTp-Link Archer Ax21Tp-Link Archer Ax21 FirmwareTP-Link Archer AX21
🔐NVD Verified DataVERIFIED
CVE-2025-29635 ↗CVSS 8.8 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-77
Affected Products (CPE)
Dlink Dir-823XDlink Dir-823X Firmware
CVE-2023-1389 ↗CVSS 8.8 — HIGH
Attack Vector
ADJACENT_NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-77
Affected Products (CPE)
Tp-Link Archer Ax21Tp-Link Archer Ax21 Firmware
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.