Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-55582

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Aug, 2025 | 00:00
Updated At-29 Aug, 2025 | 13:50
Rejected At-
Credits

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Aug, 2025 | 00:00
Updated At:29 Aug, 2025 | 13:50
Rejected At:
▼CVE Numbering Authority (CNA)

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
N/A
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10431
N/A
https://cybermaya.in/posts/Post-43/
N/A
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource: N/A
Hyperlink: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10431
Resource: N/A
Hyperlink: https://cybermaya.in/posts/Post-43/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-494CWE-494 Download of Code Without Integrity Check
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-494
Description: CWE-494 Download of Code Without Integrity Check
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Aug, 2025 | 20:15
Updated At:29 Aug, 2025 | 14:15

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-494Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-494
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cybermaya.in/posts/Post-43/cve@mitre.org
N/A
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10431cve@mitre.org
N/A
https://www.dlink.com/en/security-bulletin/cve@mitre.org
N/A
Hyperlink: https://cybermaya.in/posts/Post-43/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10431
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.dlink.com/en/security-bulletin/
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2021-1371
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 6.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:15
Updated-08 Nov, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-1111x_integrated_services_router4321_integrated_services_router4431_integrated_services_router1160_integrated_services_routercloud_services_router_1000vasr_10001100_integrated_services_router4221_integrated_services_router1120_integrated_services_router4331_integrated_services_router4461_integrated_services_routerios_xe_sd-wan1101_integrated_services_router1109_integrated_services_router4451_integrated_services_router111x_integrated_services_router4351_integrated_services_routerCisco IOS XE Software
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1646
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-19 Nov, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WLAN Service Elevation of Privilege Vulnerability

Windows WLAN Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-44540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 00:00
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port.

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-n/aairmax_firmware
CWE ID-CWE-269
Improper Privilege Management
Details not found