CVE-2025-60675
Severity: MEDIUM
D-Link DIR-823G <DIR823G_V1.0.2B05_20181207.bin - Command Injection
Title source: llmDescription
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device.
References (4)
Core References
Product: http://d-link.com
Exploit, Third Party Advisory: https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-823G/CVE-2025-60675.md
Product: https://www.dlink.com/en
Vendor Advisory: https://www.dlink.com/en/security-bulletin/
Scores
CVSS v3: 5.4
EPSS: 0.0078
EPSS Percentile: 73.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (1)
dlink/dir-823g_firmware 1.0.2b05_20181207
Published: Nov 13, 2025
Tracked Since: Feb 18, 2026