CVE-2026-4627 HIGH

CVE-2026-4627: D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection

Vendor D-Link

Product DIR-825

Weakness CWE-78

Published March 24, 2026

Last update March 24, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

March 24, 2026 CVE published

March 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4627 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2026-4627

CWE CWE-78

CVSS 8.6 / HIGH

Affected versions

Vendor D-Link

Product DIR-825

Affected 1.0.5

Vendor D-Link

Product DIR-825

Affected 4.5.1

Vendor D-Link

Product DIR-825R

Affected 1.0.5

Vendor D-Link

Product DIR-825R

Affected 4.5.1

CVE-2026-4627: D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection

01Description

02Disclosure timeline

03References

04Related CVE