Ethical Hacking News
D-Link has warned of three remotely exploitable command execution vulnerabilities affecting its end-of-life DIR-878 router model, highlighting the need for users to take immediate action and secure their devices.
D-Link has issued a warning about three remotely exploitable command execution vulnerabilities on its end-of-life DIR-878 router model.The vulnerabilities, published by researcher Yangyifan, have technical details and proof-of-concept exploit code available online.Users who have already purchased or obtained the DIR-878 may be at risk from these newly discovered vulnerabilities due to lack of security updates.The vulnerabilities include a remote unauthenticated command execution via SetDynamicDNSSettings, SetDMZSettings, and a stack overflow in USB storage handling.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assessed the vulnerabilities as having a medium-severity score despite being remotely exploitable.Users are advised to apply patches or replace their DIR-878 with an actively supported product immediately.
D-Link, a well-known manufacturer of home and small office routers, has issued a warning about three remotely exploitable command execution vulnerabilities affecting its end-of-life DIR-878 router model. The vulnerabilities, which were published by researcher Yangyifan, have technical details and proof-of-concept (PoC) exploit code available online.
The DIR-878, launched in 2017 as a high-performance dual-band wireless router, has reached the end of its service life but is still available for purchase in several markets. Despite being no longer supported, D-Link recommends replacing it with an actively supported product due to the lack of security updates. However, users who have already purchased or obtained the DIR-878 may be at risk from these newly discovered vulnerabilities.
The first vulnerability, CVE-2025-60672, allows for remote unauthenticated command execution via SetDynamicDNSSettings parameters stored in NVRAM and used in system commands. The second vulnerability, CVE-2025-60673, enables remote unauthenticated command execution via SetDMZSettings and unsanitized IPAddress values injected into iptables commands. The third vulnerability, CVE-2025-60674, is a stack overflow in USB storage handling due to oversized "Serial Number" fields, which can be exploited at the physical or device level.
Yangyifan, the researcher behind the vulnerability disclosures, has made technical details and PoC exploit code publicly available for these vulnerabilities. This may allow threat actors to exploit these vulnerabilities and potentially use them as part of their arsenal in botnet attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assessed that the vulnerabilities have a medium-severity score, despite being remotely exploitable. While the severity is considered moderate, the availability of publicly available exploit code may capture the attention of threat actors, particularly those who include such exploits in their botnet arsenals.
Recent examples of D-Link device vulnerabilities can be seen in the large-scale botnet RondoDox, which uses more than 56 known flaws affecting various devices, including some D-Link models. The Aisuru botnet has also been linked to a massive distributed denial-of-service (DDoS) attack against Microsoft's Azure network, with over 500,000 IP addresses sending traffic.
In light of these recent incidents and the ongoing availability of exploit code for these vulnerabilities, it is crucial that users take proactive measures to secure their DIR-878 routers. Users should apply these patches as soon as possible or replace their DIR-878 with an actively supported product. D-Link has not released official patches yet, but users are advised to take immediate action.
The discovery of these new vulnerabilities highlights the ongoing importance of staying informed about security updates and taking proactive steps to secure one's devices against known threats. Users must remain vigilant in protecting themselves against such risks as the threat landscape continues to evolve.
Related Information:
https://www.ethicalhackingnews.com/articles/D-Link-Warns-of-New-Remote-Code-Execution-Flaws-in-End-of-Life-DIR-878-Routers-ehn.shtml
https://www.bleepingcomputer.com/news/security/d-link-warns-of-new-rce-flaws-in-end-of-life-dir-878-routers/
https://nvd.nist.gov/vuln/detail/CVE-2025-60672
https://www.cvedetails.com/cve/CVE-2025-60672/
https://nvd.nist.gov/vuln/detail/CVE-2025-60673
https://www.cvedetails.com/cve/CVE-2025-60673/
https://nvd.nist.gov/vuln/detail/CVE-2025-60674
https://www.cvedetails.com/cve/CVE-2025-60674/
Published: Thu Nov 20 10:01:06 2025 by llama3.2 3B Q4_K_M
