Overview
A critical command injection vulnerability, identified as CVE-2025-60675, has been discovered in the D-Link DIR-823G router, specifically affecting firmware version DIR823G_V1.0.2B05_20181207.bin. This vulnerability allows an attacker who can write to a specific configuration file to execute arbitrary commands on the device, potentially leading to complete system compromise. Note that the trigger is a file write rather than a direct network request: the attacker first needs some other way to place content on the device, and this advisory does not describe how that write access is obtained.
Technical Details
The vulnerability resides within the timelycheck and sysconf binaries of the router's firmware. These binaries improperly process the /tmp/new_qos.rule configuration file. Fields parsed from that file are concatenated into command strings and passed to the system() function, which hands the string to /bin/sh, without any sanitization or input validation. Because the shell interprets the whole string, a shell metacharacter such as ';' inside a field terminates the intended command and lets an attacker append arbitrary commands of their own.
Specifically, an attacker who can write to the /tmp/new_qos.rule file can craft malicious input that, when processed, will inject and execute shell commands with root privileges on the router.
Example scenario:
# Malicious content for /tmp/new_qos.rule
rule_name=test; touch /tmp/pwned;
When the router processes this (simplified) example, the value of rule_name is spliced into the command string handed to system(); the ';' ends the intended command and the shell then runs touch /tmp/pwned. The field name rule_name and the exact command template are placeholders for illustration, not the real ones used by the binaries.
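The following is an added illustration, not code from the D-Link firmware or from the advisory: it reproduces the vulnerable pattern described above (a field parsed from the rule file pasted into a system() string) next to a hardened version that allowlists the field and invokes the helper without a shell. The file format, the field name rule_name, the helper path /sbin/qos_apply and the sample file contents are all assumptions made for the example.

```c
/* Added example (not D-Link's code). Shows why "field + system()" is
 * injectable and how to process /tmp/new_qos.rule safely instead.
 * Assumptions: a "key=value" line format, a field called rule_name, and a
 * hypothetical helper /sbin/qos_apply that takes the rule name as argv[1]. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_NAME 32

/* Constructed sample inputs standing in for /tmp/new_qos.rule contents. */
static const char *MALICIOUS_RULE = "rule_name=test; touch /tmp/pwned;\n";
static const char *BENIGN_RULE    = "rule_name=guest_wifi\n";

/* Extract the value of `key` from one "key=value" line. Returns 1 on success. */
int parse_field(const char *line, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != '=')
        return 0;
    const char *v = line + klen + 1;
    size_t n = strcspn(v, "\r\n");          /* stop at end of line */
    if (n >= outlen)
        n = outlen - 1;
    memcpy(out, v, n);
    out[n] = '\0';
    return 1;
}

/* VULNERABLE pattern: the untrusted field becomes part of a shell command.
 * Passing the result to system() lets ';' start a second command. */
int build_command_vulnerable(const char *rule_name, char *cmd, size_t cmdlen)
{
    return snprintf(cmd, cmdlen, "/sbin/qos_apply %s", rule_name);
}

/* Does the built string carry characters /bin/sh would treat as syntax? */
int command_contains_injection(const char *cmd)
{
    return strpbrk(cmd, ";|&`$\n") != NULL;
}

/* Hardened step 1: allowlist the field (letters, digits, '_' and '-' only). */
int rule_name_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > MAX_NAME)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Hardened step 2: run the helper with execv() and a separate argv, so no
 * shell ever parses the field. Returns -1 if the name is rejected. */
int apply_rule_safe(const char *rule_name)
{
    if (!rule_name_is_safe(rule_name))
        return -1;                          /* reject before doing anything */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "/sbin/qos_apply", (char *)rule_name, NULL };
        execv(argv[0], argv);               /* no "/bin/sh -c": ';' is just data */
        _exit(127);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char name[128], cmd[256];

    parse_field(MALICIOUS_RULE, "rule_name", name, sizeof name);
    build_command_vulnerable(name, cmd, sizeof cmd);
    printf("string the vulnerable code would hand to system(): %s\n", cmd);
    printf("shell metacharacters present: %d\n", command_contains_injection(cmd));
    printf("hardened allowlist accepts it: %d\n", rule_name_is_safe(name));

    parse_field(BENIGN_RULE, "rule_name", name, sizeof name);
    printf("benign rule name accepted: %d\n", rule_name_is_safe(name));
    return 0;
}
```

The allowlist is deliberately strict: rejecting anything outside a small character set is simpler and safer than trying to escape shell syntax, and the execv() path means that even a field that slips through validation can only ever be an argument, never a command.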
CVSS Analysis
Currently, a CVSS score is not available for CVE-2025-60675. Given that the flaw yields arbitrary command execution as root, it may well be rated Critical once scored, but the final rating depends on how the write to /tmp/new_qos.rule is reached: if it requires local or already-authenticated access, the Attack Vector and Privileges Required metrics will pull the score down, whereas an unauthenticated network path to that file would justify a Critical rating.
Possible Impact
The potential impact of this vulnerability is severe. An attacker could:
- Gain complete control of the router.
- Modify router configurations, including DNS settings, potentially redirecting traffic to malicious sites.
- Install malware on the router, turning it into a botnet node.
- Monitor network traffic passing through the router.
- Use the compromised router as a pivot point to attack other devices on the network.
Mitigation and Patch Steps
To mitigate the risk associated with CVE-2025-60675, it is strongly recommended to:
- Check for a Firmware Update: Visit the D-Link support website (https://www.dlink.com/en) and download the latest firmware version for the DIR-823G router. Apply the update according to the instructions provided by D-Link. If no firmware newer than DIR823G_V1.0.2B05_20181207 is listed for this model, check whether D-Link has declared the product end-of-life and plan to replace it, since no fix will be forthcoming in that case.
- Monitor D-Link Security Bulletins: Regularly check D-Link’s security bulletin page (https://www.dlink.com/en/security-bulletin/) for updates regarding this and other vulnerabilities.
- Restrict Access: Ensure that only authorized users have access to the router’s configuration interface. Change the default administrator password to a strong, unique password.
- Disable Remote Management: If you do not need remote access to the router’s configuration, disable it.
Note: It is critical to keep your router’s firmware up-to-date to protect against known vulnerabilities.
