CVE-2026-4627 - Vulnerability Details

- D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection

Description

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-03-24

Score: 8.6 High

EPSS: 2.0% Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the NTP Service component of certain D‑Link routers and allows remote attackers to execute arbitrary operating‑system commands. It is triggered when the handler_update_system_time function in libdeuteron_modules.so forwards untrusted data to a system call without proper sanitization, a flaw that corresponds to CWE‑77 and CWE‑78.

Affected Systems

The affected units are D‑Link DIR‑825 and DIR‑825R running firmware versions 1.0.5 and 4.5.1. These firmware releases are no longer supported by the vendor, meaning no official patch or security update is available for these legacy devices.

Risk and Exploitability

With a CVSS score of 8.6 the vulnerability is considered high risk. The description indicates that the attack may be launched remotely. The EPSS score of 2% suggests a low probability of exploitation at this time. The device is not listed in the CISA KEV catalog, and because the firmware is no longer supported, no vendor fix is available.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-825

affected

Version	Status	Constraints
`1.0.5`	affected	—
`4.5.1`	affected	—

D-Link

DIR-825R

affected

Version	Status	Constraints
`1.0.5`	affected	—
`4.5.1`	affected	—

No data.

Vendor Product Confidence Versions

D-link

Dir-825

100%

Version	Status	Scheme	Platform
`1.0.5`	affected	semver	—
`4.5.1`	affected	semver	—

D-link

Dir-825r

100%

Version	Status	Scheme	Platform
`1.0.5`	affected	semver	—
`4.5.1`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Replace the router with a supported model or newer firmware
If replacement is not possible, disable the NTP service or block inbound NTP traffic from external networks
Restrict network access to the device by tightening firewall rules or isolating it on a separate VLAN
Monitor device logs for unexplained command execution or configuration changes
Check D‑Link’s official website for firmware updates or security advisories

Generated by OpenCVE AI on June 17, 2026 at 13:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.02024.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://vuldb.com/?ctiid.352495
https://vuldb.com/?id.352495
https://vuldb.com/?submit.775794
https://www.dlink.com/

History

Tue, 24 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-825 D-link dir-825r
Vendors & Products		D-link D-link dir-825 D-link dir-825r

Tue, 24 Mar 2026 04:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Title		D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
Weaknesses		CWE-77 CWE-78
References		https://vuldb.com/?ctiid.352495 https://vuldb.com/?id.352495 https://vuldb.com/?submit.775794 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}`

Subscriptions

D-link Dir-825 Dir-825r

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-24T03:32:49.354Z

Updated: 2026-03-24T13:33:31.838Z

Reserved: 2026-03-23T06:30:08.559Z

Link: CVE-2026-4627

Vulnrichment

Updated: 2026-03-24T13:33:23.856Z

NVD

Status : Deferred

Published: 2026-03-24T05:16:24.687

Modified: 2026-04-24T16:32:53.997

Link: CVE-2026-4627

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T13:15:04Z

Weaknesses

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object