CVE-2025-60671
MEDIUM
D-Link DIR-823G <DIR823G_V1.0.2B05_20181207.bin - Command Injection
Title source: llm
Description
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device.
References (4)
Core References
Product: http://d-link.com
Exploit, Third Party Advisory: https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-823G/CVE-2025-60671.md
Product: https://www.dlink.com/en
Vendor Advisory: https://www.dlink.com/en/security-bulletin/
Scores
CVSS v3: 5.4
EPSS: 0.0078
EPSS Percentile: 73.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (1)
dlink/dir-823g_firmware 1.0.2b05_20181207
Published: Nov 13, 2025
Tracked Since: Feb 18, 2026