CVE-2026-4627

HIGH

D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection

Title source: cna
STIX 2.1

Description

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

References (4)

Core 4
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-352495 | D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
https://vuldb.com/?id.352495
Signature, Permissions Required signature permissions-required
VDB-352495 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.352495
Third Party Advisory third-party-advisory
Submit #775794 | D-Link DIR-825I 1.0.5 OS Command Injection
https://vuldb.com/?submit.775794
Product product
https://www.dlink.com/

Scores

CVSS v3 7.2
EPSS 0.0202
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77 CWE-78
Status published
Products (4)
D-Link/DIR-825 1.0.5
D-Link/DIR-825 4.5.1
D-Link/DIR-825R 1.0.5
D-Link/DIR-825R 4.5.1
Published Mar 24, 2026
Tracked Since Mar 24, 2026