CVE-2025-60672

Published Nov 13, 2025

Last updated 4 months ago

CVSS medium 6.5

Overview

Description
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.
Source
cve@mitre.org
NVD status
Analyzed
Products
dir-878_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
2.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score
Not currently trending

  1. csirt_it: ‼ #D-Link: disponibili #PoC per lo sfruttamento delle CVE-2025-60672, CVE-2025-60673, CVE-2025-60674 e CVE-2025-60676 che interessano il #router DIR-878 Rischio: 🔴 Tipologia: 🔸 Remote Code Execution 🔸 Arbitrary Code Execution 🔗 … https://t.co/sCJZ5Niu

    @Vulcanux_

    19 Nov 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ‼ #D-Link: disponibili #PoC per lo sfruttamento delle CVE-2025-60672, CVE-2025-60673, CVE-2025-60674 e CVE-2025-60676 che interessano il #router DIR-878 Rischio: 🔴 Tipologia: 🔸 Remote Code Execution 🔸 Arbitrary Code Execution 🔗 https://t.co/9ShXXMYajN https://t.c

    @csirt_it

    19 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-60672 An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings… https://t.co/RbnhcKZztL

    @CVEnew

    13 Nov 2025

    189 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-60672 Unauthenticated Command Injection in D-Link DIR-878A1 Rou... https://t.co/oP2pV3IBO2 Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd

    @VulmonFeeds

    13 Nov 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed via system(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.CVE-2025-60676
  2. A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device.CVE-2025-60674
  3. An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.CVE-2025-60673
  4. A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.CVE-2025-0481
  5. D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.CVE-2024-48638

References

Sources include official advisories and independent security research.