OS Command Injection Vulnerability in D-Link DIR-825 and DIR-825R Routers
CVE-2026-4627

8.6HIGH

Key Information:

Vendor

D-link
Status
Dir-825
Dir-825r
Vendor
CVE Published:
24 March 2026

What is CVE-2026-4627?

A vulnerability exists in the D-Link DIR-825 and DIR-825R routers within the handler_update_system_time function of the NTP Service. This flaw allows remote attackers to execute arbitrary operating system commands through crafted inputs due to inadequate sanitization. Notably, this issue is critical for devices that are no longer supported by D-Link, leaving those routers vulnerable to exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DIR-825 1.0.5

DIR-825 4.5.1

DIR-825R 1.0.5

References

https://vuldb.com/?id.352495
vdb-entrytechnical-description
https://vuldb.com/?ctiid.352495
signaturepermissions-required
https://vuldb.com/?submit.775794
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

1935648903 (VulDB User)
VulDB
JSON
.