PT-2025-46879 · D Link · D-Link Dir-823G

Published: 2025-11-13 · Updated: 2025-11-13 · CVE-2025-60671

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DIR-823G router firmware version DIR823G V1.0.2B05 20181207.bin

Description

A command injection issue exists in the D-Link DIR-823G router firmware. The timelycheck and sysconf binaries process the /var/system/linux vlan reinit file. The issue arises because content read from this file undergoes only partial validation of a prefix and is then formatted using the vsnprintf() function before being executed with system(). This allows an attacker with write access to /var/system/linux vlan reinit to execute arbitrary commands on the device. The vulnerable components are timelycheck and sysconf.

Recommendations

Update to a newer version of the D-Link DIR-823G router firmware that addresses this issue. As a temporary workaround, restrict write access to the /var/system/linux vlan reinit file to prevent unauthorized command execution.
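
The weakness class in the description (prefix-only validation before a shell call) is shown here next to a whole-line check. This is an added example, not code from the firmware or from D-Link. The prefix `vconfig `, the function names and the sample lines are assumptions, since the page does not give the real prefix or file contents.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define EXPECTED_PREFIX "vconfig " /* hypothetical; the page does not name the prefix */
#define MAX_ARGS 8

/* The weak pattern described above: only the start of the line is checked. */
static int prefix_only_ok(const char *line) {
    return strncmp(line, EXPECTED_PREFIX, strlen(EXPECTED_PREFIX)) == 0;
}

/* Strict alternative: validate the whole line and split it in place into an
 * argv[] for execv(), so no shell ever parses file content.
 * Returns argc, or -1 if any byte falls outside the allowlist. */
static int parse_strict(char *line, char *argv[MAX_ARGS + 1]) {
    size_t len = strlen(line);
    int argc = 0;
    char *p = line;

    if (!prefix_only_ok(line)) return -1;
    if (len && line[len - 1] == '\n') line[len - 1] = '\0'; /* one trailing newline only */
    while (*p) {
        if (argc == MAX_ARGS) return -1;
        argv[argc++] = p;
        for (; *p && *p != ' '; p++)
            if (!isalnum((unsigned char)*p) && !strchr("._-", *p)) return -1;
        if (*p == ' ') {
            *p++ = '\0';
            if (*p == ' ' || *p == '\0') return -1; /* reject empty tokens */
        }
    }
    argv[argc] = NULL;
    return argc;
}

int main(void) {
    /* Constructed sample lines, not taken from the firmware. */
    char good[] = "vconfig add eth0 5\n";
    char bad[]  = "vconfig add eth0 5; echo constructed";
    char *argv[MAX_ARGS + 1];

    printf("prefix-only accepts bad line: %d\n", prefix_only_ok(bad));
    printf("strict parse of bad line:     %d\n", parse_strict(bad, argv));
    printf("strict parse of good line:    %d\n", parse_strict(good, argv));
    return 0;
}
```

A line that passes `parse_strict()` can be handed to `execv()` with an absolute program path, which removes the `system()` call and its shell parsing from the path entirely.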

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2025-14853
CVE-2025-60671

Affected Products

D-Link Dir-823G