Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for DIR-825R by D-Link

    CVE-2026-4627 (GCVE-0-2026-4627)

    Vulnerability from nvd – Published: 2026-03-24 03:32 – Updated: 2026-03-24 13:33 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
    Summary
    A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.352495 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.352495 signaturepermissions-required
    https://vuldb.com/?submit.775794 third-party-advisory
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-825 Affected: 1.0.5
    Affected: 4.5.1
    Create a notification for this product.
    D-Link DIR-825R Affected: 1.0.5
    Affected: 4.5.1
    Create a notification for this product.
    Credits
    1935648903 (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:33:18.231606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:33:31.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "NTP Service"
              ],
              "product": "DIR-825",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "4.5.1"
                }
              ]
            },
            {
              "modules": [
                "NTP Service"
              ],
              "product": "DIR-825R",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "4.5.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "1935648903 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T03:32:49.354Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-352495 | D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.352495"
            },
            {
              "name": "VDB-352495 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.352495"
            },
            {
              "name": "Submit #775794 | D-Link DIR-825I 1.0.5 OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.775794"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-23T07:35:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-4627",
        "datePublished": "2026-03-24T03:32:49.354Z",
        "dateReserved": "2026-03-23T06:30:08.559Z",
        "dateUpdated": "2026-03-24T13:33:31.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4627 (GCVE-0-2026-4627)

    Vulnerability from cvelistv5 – Published: 2026-03-24 03:32 – Updated: 2026-03-24 13:33 Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
    Summary
    A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.352495 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.352495 signaturepermissions-required
    https://vuldb.com/?submit.775794 third-party-advisory
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-825 Affected: 1.0.5
    Affected: 4.5.1
    Create a notification for this product.
    D-Link DIR-825R Affected: 1.0.5
    Affected: 4.5.1
    Create a notification for this product.
    Credits
    1935648903 (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:33:18.231606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:33:31.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "NTP Service"
              ],
              "product": "DIR-825",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "4.5.1"
                }
              ]
            },
            {
              "modules": [
                "NTP Service"
              ],
              "product": "DIR-825R",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "4.5.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "1935648903 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T03:32:49.354Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-352495 | D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.352495"
            },
            {
              "name": "VDB-352495 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.352495"
            },
            {
              "name": "Submit #775794 | D-Link DIR-825I 1.0.5 OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.775794"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-23T07:35:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-4627",
        "datePublished": "2026-03-24T03:32:49.354Z",
        "dateReserved": "2026-03-23T06:30:08.559Z",
        "dateUpdated": "2026-03-24T13:33:31.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }