'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:345059)

Rule General Information
Release Date: 2026-06-10
Rule Name: D-Link DIR 823x set_prohibiting Command Injection Vulnerability (CVE-2025-29042)
Severity:
CVE ID:
Rule Protection Details
Description: The D-Link DIR-823x provides routing management functions such as access control and blacklisting. The set_prohibiting interface is used to submit MAC address-related policies. The macaddr parameter lacks strict input validation, allowing attackers to inject command injection characters such as semicolons, pipes, backticks, or newlines. This can lead to system command execution, tampering of access control rules, compromise of the router, and further impact on internal network security.
Impact: An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software.
Affected OS: Network Device
Reference: https://gist.github.com/xyqer1/841e78a3c4029808dac8c439595a1358
Solutions
Please contact the software vendor to update the software patch.