Command Injection Vulnerability in D-Link DIR-823G Router Firmware
CVE-2025-60675
5.4 MEDIUM
What is CVE-2025-60675?
A command injection vulnerability has been identified in the firmware of the D-Link DIR-823G router. The flaw is in the timelycheck and sysconf binaries, which handle the /tmp/new_qos.rule configuration file. Specific fields from this file are parsed and concatenated into command strings that are executed via the system() function. Because these fields are not properly sanitized, an attacker with write access to the configuration file can execute arbitrary commands on the device. This poses a significant security risk to the network and calls for timely remediation.
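The missing control is strict validation of each field before it reaches any command. The sketch below is an added example, not D-Link's code: the "ip,rate" line layout and the names parse_qos_rule, is_ipv4 and is_rate are assumptions, since the page does not give the real format of /tmp/new_qos.rule.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed (hypothetical) rule line: "ip,rate". The real layout of
 * /tmp/new_qos.rule is not given on the page. */

/* Accept only a dotted-quad IPv4 address with octets in 0..255. */
static int is_ipv4(const char *s) {
    int dots = 0, digits = 0, val = 0;
    for (; *s; s++) {
        if (isdigit((unsigned char)*s)) {
            val = val * 10 + (*s - '0');
            if (++digits > 3 || val > 255) return 0;
        } else if (*s == '.') {
            if (digits == 0 || ++dots > 3) return 0;
            digits = 0;
            val = 0;
        } else {
            return 0; /* shell metacharacters and whitespace are rejected here */
        }
    }
    return dots == 3 && digits > 0;
}

/* Accept a decimal rate of 1 to 7 digits and nothing else. */
static int is_rate(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 7) return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s)) return 0;
    return 1;
}

/* Parse one rule line into validated fields.
 * Returns 0 on success, -1 if any field fails the allow-list. */
int parse_qos_rule(const char *line, char ip[16], char rate[8]) {
    char buf[64];
    size_t n = strcspn(line, "\r\n"); /* drop the line terminator */
    if (n >= sizeof buf) return -1;   /* over-long lines are rejected */
    memcpy(buf, line, n);
    buf[n] = '\0';
    char *comma = strchr(buf, ',');
    if (!comma) return -1;
    *comma = '\0';
    if (!is_ipv4(buf) || !is_rate(comma + 1)) return -1;
    strcpy(ip, buf);        /* at most 15 chars after validation */
    strcpy(rate, comma + 1); /* at most 7 chars after validation */
    return 0;
}
```

Fields that pass validation should then be handed to the helper program as separate argv entries through an exec-family call, so no shell ever parses them.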