Details of VAR-202508-2566

ID

VAR-202508-2566

CVE

CVE-2025-55582

TITLE

D-Link Corporation of DCS-825L Privilege management vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-013522

DESCRIPTION

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported. D-Link Corporation of DCS-825L The firmware contains vulnerabilities related to permission management and insufficient integrity verification of downloaded code.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-55582 // JVNDB: JVNDB-2025-013522

AFFECTED PRODUCTS

vendor:	dlink	model:	dcs-825l	scope:	eq	version:	1.08.01	Trust: 1.0
vendor:	d link	model:	dcs-825l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dcs-825l	scope:	eq	version:	dcs-825l firmware 1.08.01	Trust: 0.8
vendor:	d link	model:	dcs-825l	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-013522 // NVD: CVE-2025-55582

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55582
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-013522
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55582
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-013522
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-013522 // NVD: CVE-2025-55582

PROBLEMTYPE DATA

problemtype:	CWE-494	Trust: 1.0
problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [ others ]	Trust: 0.8
problemtype:	Incomplete integrity verification of downloaded code (CWE-494) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-013522 // NVD: CVE-2025-55582

EXTERNAL IDS

db:	NVD	id:	CVE-2025-55582	Trust: 2.6
db:	DLINK	id:	SAP10431	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-013522	Trust: 0.8

sources: JVNDB: JVNDB-2025-013522 // NVD: CVE-2025-55582

REFERENCES

url:	https://cybermaya.in/posts/post-43/	Trust: 1.8
url:	https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10431	Trust: 1.8
url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-55582	Trust: 0.8

sources: JVNDB: JVNDB-2025-013522 // NVD: CVE-2025-55582

SOURCES

db:	JVNDB	id:	JVNDB-2025-013522
db:	NVD	id:	CVE-2025-55582

LAST UPDATE DATE

2025-09-11T23:45:08.208000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-013522	date:	2025-09-10T00:54:00
db:	NVD	id:	CVE-2025-55582	date:	2025-09-09T15:20:32.867

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-013522	date:	2025-09-10T00:00:00
db:	NVD	id:	CVE-2025-55582	date:	2025-08-27T20:15:33.113