D-Link DIR-825/825R OS Command Injection in NTP Service (v4.5.1)
CVE-2026-4627 Published on March 24, 2026
D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2026-4627 has been classified to as a Shell injection vulnerability or weakness.
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2026-4627 has been classified to as a Command Injection vulnerability or weakness.
Affected Versions
D-Link DIR-825:- Version 1.0.5 is affected.
- Version 4.5.1 is affected.
- Version 1.0.5 is affected.
- Version 4.5.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.