CVE-2025-60673

6.5 MEDIUM

📋 TL;DR

This CVE describes an unauthenticated command injection vulnerability in D-Link DIR-878A1 router firmware that allows remote attackers to execute arbitrary commands on affected devices. Attackers can exploit this by sending specially crafted HTTP requests to the router's web interface without needing credentials. All users of affected D-Link DIR-878A1 routers with vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • D-Link DIR-878A1
Versions: Firmware version FW101B04.bin and likely earlier versions
Operating Systems: Embedded Linux on D-Link routers
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the default DMZ settings functionality and requires no special configuration to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing an attacker to install persistent backdoors, intercept all network traffic, pivot to internal networks, or brick the device.

🟠 Likely Case: Router takeover leading to DNS hijacking, credential theft, man-in-the-middle attacks, and botnet recruitment.

🟢 If Mitigated: Limited impact if the device is behind a firewall with restricted WAN access, though internal threats remain.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices and the exploit requires no authentication.
🏢 Internal Only: HIGH - Even if not internet-facing, any internal attacker can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is publicly available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Check D-Link security bulletins for patch availability.
2. If a patch exists, download it from the D-Link support site.
3. Log into the router admin interface.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management
Scope: all
Purpose: Prevent external access to the router web interface
Steps: Log into router admin → Advanced → Remote Management → Disable

Disable DMZ Functionality
Scope: all
Purpose: Turn off the DMZ feature that contains the vulnerable code
Steps: Log into router admin → Advanced → DMZ → Disable

🧯 If You Can't Patch

  • Replace vulnerable router with different model or manufacturer
  • Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under Status → Firmware. If version is FW101B04.bin or earlier, assume vulnerable.

Check Version:

curl -s http://router-ip/status.cgi | grep Firmware

Verify Fix Applied:

After patching, verify firmware version shows newer than FW101B04.bin and test DMZ functionality with safe input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to prog.cgi with DMZ parameters
  • Suspicious iptables commands in system logs
  • Multiple failed login attempts followed by DMZ configuration changes

Network Indicators:

  • Unusual outbound connections from router
  • DNS queries to suspicious domains
  • Unexpected port openings on router

SIEM Query:

source="router-logs" AND (uri="/prog.cgi" AND params="SetDMZSettings") AND (src_ip NOT IN [trusted_networks])
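The log indicators and the SIEM query above can be run offline over web-server access logs. The following is an added example, not part of this advisory or of D-Link's software: it flags DMZ configuration changes via prog.cgi that come from outside a trusted network, and DMZ host values that are not a plain IPv4 address. The log line format, the dmzHost parameter name and the trusted network range are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Constructed sample log lines (the format "src_ip method path body" is an
# assumption, not the real DIR-878A1 log format).
SAMPLE_LOG = """\
192.168.0.10 POST /prog.cgi SetDMZSettings=1&dmzHost=192.168.0.50
203.0.113.7 POST /prog.cgi SetDMZSettings=1&dmzHost=192.168.0.50
192.168.0.10 POST /prog.cgi SetDMZSettings=1&dmzHost=192.168.0.50+junk
192.168.0.10 GET /status.cgi -
"""

# Assumed trusted management network; adjust to the local LAN range.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]

# Strict dotted-quad IPv4: a DMZ host should never be anything else.
IPV4_STRICT = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"
)


def analyze_line(line):
    """Return the list of reasons a log line is suspicious (empty if benign)."""
    src, method, path, body = line.split(" ", 3)
    reasons = []
    if path != "/prog.cgi":
        return reasons
    params = parse_qs(body, keep_blank_values=True)
    if "SetDMZSettings" not in params:
        return reasons
    # Mirrors the SIEM query: DMZ change from a source outside trusted networks.
    src_ip = ipaddress.ip_address(src)
    if not any(src_ip in net for net in TRUSTED_NETWORKS):
        reasons.append("dmz_change_from_untrusted_src")
    # Positive validation: the DMZ host must be exactly one IPv4 address
    # ("dmzHost" is an assumed parameter name).
    for host in params.get("dmzHost", []):
        if not IPV4_STRICT.match(host):
            reasons.append("dmz_host_not_ipv4")
    return reasons


def scan(log_text):
    """Return (line, reasons) pairs for every suspicious line in the log."""
    return [(ln, r) for ln in log_text.splitlines() if (r := analyze_line(ln))]


if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(reasons, "<-", line)
```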

🔗 References
