3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets.
Technical details and proof-of-concept (PoC) exploit code demonstrating the vulnerabilities have been published by a researcher using the name Yangyifan.
Typically used in homes and small offices, the DIR-878 was hailed as a high-performance dual-band wireless router when it launched in 2017.
Even if the device is no longer supported, it can still be purchased new or used for prices between $75 and $122.
However, as DIR-878 has reached end-of-life (EoL) in 2021, D-Link warned that it will not release security updates for this model and recommends replacing it with an actively supported product.
In total, D-Link's security advisory lists four vulnerabilities, only one of them requiring physical access or control over a USB device for exploitation.
- CVE-2025-60672 – Remote unauthenticated command execution via SetDynamicDNSSettings parameters stored in NVRAM and used in system commands.
- CVE-2025-60673 – Remote unauthenticated command execution via SetDMZSettings and unsanitized IPAddress value injected into iptables commands.
- CVE-2025-60674 – Stack overflow in USB storage handling due to oversized “Serial Number” field (physical or USB-device-level attack).
- CVE-2025-60676 – Arbitrary command execution via unsanitized fields in /tmp/new_qos.rule, processed by binaries using system().
Despite being remotely exploitable, and exploit code already publicly available, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assessed that the vulnerabilities have a medium-severity score.
However, a publicly available exploit typically captures threat actors' attention, especially botnet operators, who usually include them in their arsenal to expand targeting.
For instance, the large-scale botnet RondoDox uses more than 56 known flaws, some affecting D-Link devices, and keeps adding more of them.
More recently, BleepingComputer reported on the Aisuru botnet, which launched a massive distributed denial-of-service (DDoS) attack against Microsoft's Azure network, sending 15.72 terabits per second (Tbps) from over 500,000 IP addresses.
Hope you enjoyed this news post. Feedback welcome.
Posted Friday 21 November 2025 at 3:42 am AEST (my time).
News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.