D-Link DIR-825/825R OS Command Injection Vulnerability (CVE-2026-4627)
CVE-2026-4627 is an OS command injection vulnerability in the handler_update_system_time function of the libdeuteron_modules.so file in the NTP Service component of D-Link DIR-825 and DIR-825R devices, which can be exploited remotely by authenticated attackers.
CVE-2026-4627 is an OS command injection vulnerability affecting D-Link DIR-825 and DIR-825R routers, specifically versions 1.0.5 and 4.5.1. The vulnerability resides within the handler_update_system_time function of the libdeuteron_modules.so file, which is part of the NTP service. An attacker with administrative privileges can inject arbitrary OS commands by manipulating the input to this function. The vulnerability can be exploited remotely, allowing a threat actor to potentially gain…
Detection coverage (2)
Detect Outbound Network Connection from libdeuteron_modules.so
Severity: high. Detects outbound network connections from the libdeuteron_modules.so library, which may indicate exploitation of CVE-2026-4627.
Detect Suspicious Process Creation from NTP Service
Severity: medium. Detects suspicious process creation events originating from the NTP service which may indicate command injection.
Detection queries are kept inside the platform.