CVE-2026-4627
Received Received - Intake
OS Command Injection in D-Link NTP Service (libdeuteron_modules.so

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: VulDB

Description
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4627
EUVD
EUVD-2026-14736
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
d-link dir-825 1.0.5
d-link dir-825r 4.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the NTP Service component of D-Link DIR-825 and DIR-825R devices, specifically in the function handler_update_system_time within the file libdeuteron_modules.so.

It allows an attacker to perform OS command injection by manipulating this function, potentially enabling remote code execution.

The affected products are no longer supported by the maintainer.

Impact Analysis

This vulnerability can have a significant impact as it allows remote attackers to inject operating system commands.

Successful exploitation could lead to full compromise of the affected device, including unauthorized control over its functions and data.

Given the high CVSS scores (7.2 to 8.6), the impact includes confidentiality, integrity, and availability being severely affected.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4627. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart