The vulnerabilities allow remote attackers to gain complete control of affected routers without requiring authentication.
Two of the most severe vulnerabilities (CVE-2025-60672 and CVE-2025-60673) involve command injection flaws in the program’s CGI web interface.
Attackers can craft specially designed HTTP requests targeting the SetDynamicDNSSettings and SetDMZSettings functionality to execute arbitrary commands on the device.
D-Link discovered the first flaw, which exploits improper handling of the ServerAddress and Hostname parameters, stored in NVRAM without sanitization.
The second vulnerability affects the IPAddress parameter in DMZ settings, which is similarly used without validation by the librcm.so library.
Both issues carry critical CVSS scores of 9.8, meaning remote attackers can execute code without authentication or user interaction.
| CVE ID | Vulnerability Type | CVSS Score | Attack Vector | Impact |
|---|---|---|---|---|
| CVE-2025-60672 | Command Injection | 9.8 (Critical) | Network/No Auth Required | Remote Code Execution |
| CVE-2025-60673 | Command Injection | 9.8 (Critical) | Network/No Auth Required | Remote Code Execution |
| CVE-2025-60674 | Stack Buffer Overflow | 8.5 (High) | Physical Access/USB | Arbitrary Code Execution |
| CVE-2025-60676 | Command Injection | 8.5 (High) | Local/Write Access to /tmp | Arbitrary Command Execution |
CVE-2025-60674 describes a stack buffer overflow in the rc binary’s USB storage-handling module, triggered when USB device serial numbers are improperly read.
This vulnerability requires physical access or control over a USB device but allows arbitrary code execution on the router. CVE-2025-60676 affects the timelycheck and sysconf binaries, permitting attackers with write access to/tmp/new_qos.
The rule file has a flaw that lets attackers run unwanted commands because the system joins text together without checking it. D-Link strongly recommends that users upgrade to current-generation products or immediately perform comprehensive data backups.
Organizations deploying DIR-878 routers should isolate these devices from untrusted networks and implement restrictive firewall rules.
D-Link’s advisory emphasizes that end-of-life products may harm other connected devices, and continued use poses significant security risks.
Users unable to upgrade should ensure devices run the latest available firmware and maintain strong, unique administrative passwords with Wi-Fi encryption enabled.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code Execution Attacks appeared first on Cyber Security News.
Editor’s Note: The Abilene Police Department supplied the following arrest and incident reports. All information…
ABILENE, Texas (KTAB/KRBC) - Two restaurants have closed at the Mall of Abilene as several…
(KTAB/KRBC) - Early voting for city and school general elections in May is now underway.…
If you're craving big flavor and a true West Texas experience, a trip to Rowena…
Apple has announced that CEO Tim Cook is stepping down. The tech giant revealed the…
This website uses cookies.