Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device.

Published

2025-11-13T19:15:48.420

Last Modified

2025-11-17T19:04:49.447

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-823g_firmware	1.0.2b05_20181207	Yes
Hardware	dlink	dir-823g	-	No

References

http://d-link.com Product ([email protected])
https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-823G/CVE-2025-60675.md Exploit, Third Party Advisory ([email protected])
https://www.dlink.com/en Product ([email protected])
https://www.dlink.com/en/security-bulletin/ Vendor Advisory ([email protected])