CVE-2025-55581

22.08.2025, 18:15

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
mitre	CNA	---				---
CISA-ADP	ADP	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://cybermaya.in/posts/Post-42/

https://legacy.us.dlink.com/pages/product.aspx?id=f9c0458bfe7b4ff3bf7fad1cf6fcc9a1

https://www.dlink.com/en/security-bulletin/