CVE-2026-4627
Received Received - Intake
OS Command Injection in D-Link NTP Service (libdeuteron_modules.so

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: VulDB

Description
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-05-07
AI Q&A
2026-03-24
EPSS Evaluated
2026-05-05
NVD
CVE-2026-4627
EUVD
EUVD-2026-14736
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
d-link dir-825 1.0.5
d-link dir-825r 4.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the NTP Service component of D-Link DIR-825 and DIR-825R devices, specifically in the function handler_update_system_time within the file libdeuteron_modules.so.

It allows an attacker to perform OS command injection by manipulating this function, potentially enabling remote code execution.

The affected products are no longer supported by the maintainer.


How can this vulnerability impact me? :

This vulnerability can have a significant impact as it allows remote attackers to inject operating system commands.

Successful exploitation could lead to full compromise of the affected device, including unauthorized control over its functions and data.

Given the high CVSS scores (7.2 to 8.6), the impact includes confidentiality, integrity, and availability being severely affected.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart