Name of the Vulnerable Software and Affected Versions:

D-Link DCS-825L firmware versions prior to 1.09.02

Description:

The D-Link DCS-825L firmware contains a flaw in the watchdog script `mydlink-watch-dog.sh`. This script blindly respawns binaries, including `dcp` and `signalc`, without verifying their integrity, authenticity, or permissions. An attacker with local filesystem access can replace these binaries with malicious payloads. The script then executes these binaries as root in a continuous loop, resulting in persistent privilege escalation and arbitrary code execution.

Recommendations:

Update to firmware version 1.09.02 or later.