CVE-2025-60675

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G router firmware version 1.0.2B05 20181207

Description A command injection issue exists due to insufficient data sanitization when processing the /tmp/new qos.rule configuration file. The timelycheck and sysconf binaries are affected as they concatenate parsed fields from this file into command strings and execute them using the system() function. An attacker who can write to /tmp/new qos.rule can execute arbitrary commands on the device.

Recommendations Update to a newer version of the firmware that addresses this vulnerability. As a temporary workaround, restrict write access to the /tmp/new qos.rule file to prevent unauthorized modification.