CVE-2025-55582

low-risk

Published 2025-08-27

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.6/10 Medium

PHYSICAL / LOW complexity

Affected Products (1)

Dcs-825L Firmware

Affected Vendors

Dlink

References (3)

Exploit https://cybermaya.in/posts/Post-43/

Product https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10431

Not Applicable https://www.dlink.com/en/security-bulletin/

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal