EUVD-2026-14736
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
An OS command injection vulnerability exists in D-Link DIR-825 and DIR-825R routers running firmware versions 1.0.5 and 4.5.1 respectively. The flaw resides in the handler_update_system_time function within the libdeuteron_modules.so library of the NTP Service component, allowing authenticated attackers with high privileges to execute arbitrary operating system commands remotely. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all DIR-825 and DIR-825R routers in production and document their network locations and criticality. Within 7 days: Implement network segmentation to isolate affected routers and restrict administrative access to trusted networks only; disable NTP service configuration features if not essential. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today