{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4627", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-23T06:30:08.559Z", "datePublished": "2026-03-24T03:32:49.354Z", "dateUpdated": "2026-03-24T13:33:31.838Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-24T03:32:49.354Z"}, "title": "D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "D-Link", "product": "DIR-825", "versions": [{"version": "1.0.5", "status": "affected"}, {"version": "4.5.1", "status": "affected"}], "modules": ["NTP Service"]}, {"vendor": "D-Link", "product": "DIR-825R", "versions": [{"version": "1.0.5", "status": "affected"}, {"version": "4.5.1", "status": "affected"}], "modules": ["NTP Service"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-23T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-23T07:35:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "1935648903 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.352495", "name": "VDB-352495 | D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352495", "name": "VDB-352495 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775794", "name": "Submit #775794 | D-Link DIR-825I 1.0.5 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T13:33:18.231606Z", "id": "CVE-2026-4627", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:33:31.838Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4627", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T13:33:18.231606Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:33:23.856Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "1935648903 (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "modules": ["NTP Service"], "product": "DIR-825", "versions": [{"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "4.5.1"}]}, {"vendor": "D-Link", "modules": ["NTP Service"], "product": "DIR-825R", "versions": [{"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "4.5.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-23T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-23T07:35:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352495", "name": "VDB-352495 | D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352495", "name": "VDB-352495 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775794", "name": "Submit #775794 | D-Link DIR-825I 1.0.5 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-24T03:32:49.354Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4627", "state": "PUBLISHED", "dateUpdated": "2026-03-24T13:33:31.838Z", "dateReserved": "2026-03-23T06:30:08.559Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-24T03:32:49.354Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en D-Link DIR-825 y DIR-825R 1.0.5/4.5.1. Afecta a la funci\u00f3n handler_update_system_time del archivo libdeuteron_modules.so del componente Servicio NTP. La manipulaci\u00f3n resulta en inyecci\u00f3n de comandos del sistema operativo. El ataque puede ser lanzado de forma remota. Esta vulnerabilidad solo afecta a productos que ya no tienen soporte por parte del mantenedor."}], "id": "CVE-2026-4627", "lastModified": "2026-04-24T16:32:53.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-24T05:16:24.687", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352495"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352495"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.775794"}, {"source": "cna@vuldb.com", "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.0.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.5.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIR-825", "source": "cna", "vendor": "D-Link"}, "product": "dir-825", "vendor": "d-link"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.0.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.5.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "dir-825r", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-03-24T06:22:09.349551+00:00", "value": {"mitigation_remediation": ["Replace the router with a supported model or newer firmware", "If replacement is not possible, disable the NTP service or block inbound NTP traffic from external networks", "Restrict network access to the device by tightening firewall rules or isolating it on a separate VLAN", "Monitor device logs for unexplained command execution or configuration changes", "Verify that future firmware versions implement proper input validation for time synchronization functions"], "summary": {"action": "Replace Device", "impact": "Remote OS command injection"}, "threat_synthesis": {"affected_systems": "The affected units are D\u2011Link DIR\u2011825 and DIR\u2011825R running firmware versions 1.0.5 and 4.5.1. These firmware releases are no longer supported by the vendor, meaning no official patch or security update is available for these legacy devices.", "description_and_impact": "The vulnerability resides in the NTP Service component of certain D\u2011Link routers and allows remote attackers to execute arbitrary operating\u2011system commands. It is triggered when the handler_update_system_time function in libdeuteron_modules.so forwards untrusted data to a system call without proper sanitization, a flaw that corresponds to CWE\u201177 and CWE\u201178. If exploited, an attacker could gain full control of the device, enabling data exfiltration, configuration changes, and the use of the router as a foothold for further network attacks.", "risk_and_exploitability": "With a CVSS score of 8.6 the vulnerability is considered high risk and can be accessed remotely without authentication. No exploit intelligence places it in the CISA KEV catalog, and EPSS data is not available, but the lack of a vendor fix combined with the remaining public exposure of the devices raises the likelihood of real\u2011world exploitation."}}}}, "created": "2026-03-24T10:29:07.128368+00:00", "updated": "2026-03-25T20:40:12.525911+00:00", "vendors": ["d-link", "d-link$PRODUCT$dir-825", "d-link$PRODUCT$dir-825r"]}