PT-2025-34935 · D Link · Dcs-825L
Shaunak Ganorkar · Published 2025-06-24 · Updated 2025-09-09 · CVE-2025-55582
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
D-Link DCS-825L firmware versions prior to 1.09.02
Description:
The D-Link DCS-825L firmware contains a flaw in the watchdog script mydlink-watch-dog.sh. This script blindly respawns binaries, including dcp and signalc, without verifying their integrity, authenticity, or permissions. An attacker with local filesystem access can replace these binaries with malicious payloads. The script then executes these binaries as root in a continuous loop, resulting in persistent privilege escalation and arbitrary code execution.
Recommendations:
Update to firmware version 1.09.02 or later.
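For comparison with the behaviour described above, the checks a watchdog can make before respawning a binary (integrity, ownership, permissions) look like this. This is an added example, not D-Link's script or its fix; the manifest format, the function names and the owner-uid parameter are assumptions.

```shell
#!/bin/sh
# Added example: an integrity gate a watchdog loop could call before respawning.
# Assumptions (not from the D-Link firmware): the manifest format
# "<sha256>  <absolute path>", the function names, and the owner-uid parameter.

# owner_mode_ok PATH UID: PATH is owned by UID and not group/other-writable.
owner_mode_ok() {
    meta=$(stat -c '%u %a' "$1") || return 1
    [ "${meta% *}" = "$2" ] && [ $(( 0${meta#* } & 022 )) -eq 0 ]
}

# verify_binary PATH MANIFEST [UID]: returns 0 only if PATH is safe to execute.
verify_binary() {
    bin=$1; manifest=$2; owner=${3:-0}
    # Regular file only; a symlink could point anywhere.
    [ -f "$bin" ] && [ ! -L "$bin" ] || return 1
    # Neither the file nor its directory may be writable by other users,
    # otherwise the binary can be overwritten or swapped by rename.
    owner_mode_ok "$bin" "$owner" || return 1
    owner_mode_ok "$(dirname "$bin")" "$owner" || return 1
    # Content must match the digest pinned in the manifest.
    want=$(awk -v p="$bin" '$2 == p { print $1 }' "$manifest") || return 1
    [ -n "$want" ] || return 1
    have=$(sha256sum "$bin" | cut -d' ' -f1)
    [ "$have" = "$want" ]
}

# respawn_if_trusted PATH MANIFEST [UID]: start PATH in the background only
# when it verifies; otherwise log and refuse.
respawn_if_trusted() {
    if verify_binary "$1" "$2" "${3:-0}"; then
        "$1" &
    else
        echo "watchdog: refusing to start $1 (integrity check failed)" >&2
        return 1
    fi
}
```

The check and the exec are separate steps, so the gate only holds when the manifest and the verified paths sit on storage a local user cannot write. It illustrates the missing verification and does not substitute for the firmware update.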
Exploit
Fix
LPE
Improper Privilege Management
Related Identifiers
Affected Products
Dcs-825L