Advisory

Multiple vulnerabilities reported in End-of-Life D-Link DIR-878 routers, two unauthenticated command injection

Take action: If you have D-Link DIR-878 routers, be aware that they have critical flaws and that exploit code is publicly available. Hackers will automate attacks on them in a matter of days. Immediately isolate them from the internet and untrusted networks, and plan to replace them soon.


Learn More

D-Link is reporting multiple critical and high-severity vulnerabilities in its DIR-878 router across all hardware revisions and firmware versions. 

Vulnerabilities summary

  • CVE-2025-60672 (CVSS score 9.8) - An unauthenticated command injection vulnerability in the SetDynamicDNSSettings functionality, where the ServerAddress and Hostname parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). The PoC exploit is already published.
  • CVE-2025-60673 (CVSS score 9.8) - An unauthenticated command injection vulnerability in the SetDMZSettings functionality, where the IPAddress parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). As with the previous one, a PoC exploit is already published.
  • CVE-2025-60674 (CVSS score 8.4) - A stack buffer overflow vulnerability in the rc binary's USB storage handling module. The vulnerability occurs when the Serial Number field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access to or control over a USB device can exploit this vulnerability to execute arbitrary code on the device.
  • CVE-2025-60676 (CVSS score 6.5) - A command injection vulnerability affecting the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device.
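The first two entries share one root cause: a hostname or IP address taken from the web interface is stored and later spliced into a shell command string. The following is an added illustration, not D-Link's code, of the hardened form a defender would expect: strict allowlist validation of the value before it is stored, and execution through an argv array with no shell so that metacharacters are never interpreted. The helper names (valid_hostname, valid_ipv4, run_argv) are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Allowlist for a DDNS server/host name: dot-separated labels of
 * [A-Za-z0-9-], no leading/trailing '-', label <= 63, total <= 253.
 * Anything a shell could interpret (; | & $ ` space ...) is rejected. */
bool valid_hostname(const char *h) {
    size_t len = strlen(h), label = 0;
    if (len == 0 || len > 253) return false;
    for (size_t i = 0; i < len; i++) {
        char c = h[i];
        if (c == '.') {                       /* label boundary */
            if (label == 0 || h[i - 1] == '-') return false;
            label = 0;
            continue;
        }
        if (!(isalnum((unsigned char)c) || c == '-')) return false;
        if (label == 0 && c == '-') return false;
        if (++label > 63) return false;
    }
    return label > 0 && h[len - 1] != '-';
}

/* Dotted-quad IPv4 only (four octets, each 0-255); used for the DMZ host. */
bool valid_ipv4(const char *s) {
    int octets = 0;
    const char *p = s;
    while (*p) {
        if (!isdigit((unsigned char)*p)) return false;
        long v = 0; int digits = 0;
        while (isdigit((unsigned char)*p)) {
            v = v * 10 + (*p++ - '0');
            if (++digits > 3) return false;
        }
        if (v > 255) return false;
        octets++;
        if (*p == '.') { p++; if (!*p) return false; }   /* no trailing dot */
        else if (*p) return false;                        /* junk after octet */
    }
    return octets == 4;
}

/* Run a command with execvp and a fixed argv: no shell, so a validated
 * value is passed as a single argument and can never change the command. */
int run_argv(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The same validators should run both where the value is accepted by prog.cgi and again where rc or librcm.so reads it back from NVRAM, so a value written by some other path is still rejected before use.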

The DIR-878 router reached its End-of-Life (EOL) and End-of-Service (EOS) status on January 31, 2021. D-Link will not release security patches or provide technical support for these vulnerabilities. The company strongly recommends that all users immediately discontinue use of these devices and transition to current-generation products that receive ongoing security updates and technical support.

Until devices are replaced, users should isolate these routers from untrusted networks and the internet and implement restrictive firewall rules. 
