ByteOS Network

NVD Vulnerability Details :

CVE-2025-55582

Received

Source-cve@mitre.org

Published At-27 Aug, 2025 | 20:15

Updated At-29 Aug, 2025 | 14:15

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-269	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-494	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://cybermaya.in/posts/Post-43/	cve@mitre.org	N/A
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10431	cve@mitre.org	N/A
https://www.dlink.com/en/security-bulletin/	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History