CVE-2025-60674

6.8 MEDIUM

📋 TL;DR

A stack buffer overflow vulnerability in D-Link DIR-878A1 router firmware allows attackers with physical access or control over a USB device to potentially execute arbitrary code. The vulnerability occurs when reading USB device serial numbers, enabling local privilege escalation or device compromise. Only users of the specific router model with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • D-Link DIR-878A1
Versions: Firmware version FW101B04.bin
Operating Systems: Embedded Linux-based router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default USB handling functionality; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with root-level arbitrary code execution, allowing persistent backdoor installation, network traffic interception, and lateral movement to connected devices.

🟠 Likely Case

Local privilege escalation leading to router configuration modification, credential theft, or denial of service through device crashes.

🟢 If Mitigated

Limited impact if USB ports are physically secured and untrusted USB devices are prohibited, though physical access remains a risk.

🌐 Internet-Facing: LOW - Requires physical USB access or control over a connected USB device, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Physical access to router or control over connected USB storage devices enables exploitation within premises.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical USB device manipulation or insertion of a malicious USB device; proof-of-concept details are publicly available in a GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Check D-Link security bulletin for firmware updates.
2. Download latest firmware from D-Link support site.
3. Access router admin interface.
4. Navigate to firmware update section.
5. Upload and apply new firmware.
6. Reboot router after update completes.

🔧 Temporary Workarounds

Disable USB functionality

all

Prevent USB storage mounting to eliminate attack vector

# Access router admin interface
# Navigate to USB settings
# Disable USB storage support

Physical USB port protection

all

Physically secure router and block USB port access

# Use physical locks or enclosures
# Apply USB port blockers

🧯 If You Can't Patch

  • Physically secure router in locked cabinet with restricted access
  • Implement strict policy prohibiting untrusted USB devices and regularly audit connected devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or Firmware Update section

Check Version:

# Login to router admin web interface and check firmware version

Verify Fix Applied:

Verify firmware version is newer than FW101B04.bin after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual USB device connection logs
  • rc binary crashes or abnormal restarts
  • Memory corruption warnings in system logs

Network Indicators:

  • Sudden router configuration changes
  • Unexpected network traffic patterns from router

SIEM Query:

source="router_logs" AND ("USB" OR "rc" OR "buffer") AND ("overflow" OR "crash" OR "corruption")
