CVE-2025-60673 — Command Injection in Dlink Dir-878 Firmware

CWE-77 — Command Injection4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 59.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-878 Firmware

Timeline

PublishedNov 13

Latest updateNov 20

Description

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶NVDdlink/dir-878_firmware1.01b04

🔴Vulnerability Details

CVEList

CVE-2025-60673: An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04↗2025-11-13

▶

GHSA

GHSA-57hx-mrq2-ccp9: An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04↗2025-11-13

▶

🕵️Threat Intelligence

Bleepingcomputer

D-Link warns of new RCE flaws in end-of-life DIR-878 routers↗2025-11-20

▶