https://feed.craftedsignal.io/tags/legacy-device/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 24 Mar 2026 05:16:24 +0000https://feed.craftedsignal.io/briefs/2026-03-dlink-command-injection/Tue, 24 Mar 2026 05:16:24 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-dlink-command-injection/CVE-2026-4627 is an OS command injection vulnerability in the handler_update_system_time function of the libdeuteron_modules.so file in the NTP Service component of D-Link DIR-825 and DIR-825R devices, which can be exploited remotely by authenticated attackers.CVE-2026-4627 is an OS command injection vulnerability affecting D-Link DIR-825 and DIR-825R routers, specifically versions 1.0.5 and 4.5.1. The vulnerability resides within the handler_update_system_time function of the libdeuteron_modules.so file, which is part of the NTP service. An attacker with administrative privileges can inject arbitrary OS commands by manipulating the input to this function. The vulnerability can be exploited remotely, allowing a threat actor to potentially gain…

]]>highadvisorycommand-injectionrouterlegacy-device