CVE-2025-60671 – D-Link DIR-823G Command Injection Vulnerability

CVE ID : CVE-2025-60671

Published : Nov. 13, 2025, 6:15 p.m. | 43 minutes ago

Description : A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…