Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Nov 14, 2025

CVE-2025-60671

Description

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device.

Affected products

D-Link/DIR-823G routerdescription
Dlink/DIR-823Gllm-fuzzy
Range: = DIR823G_V1.0.2B05_20181207.bin

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

d-link.commitre
github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-823G/CVE-2025-60671.mdmitre
www.dlink.com/enmitre
www.dlink.com/en/security-bulletin/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000