CVE-2025-60698

7.3 HIGH

📋 TL;DR

This CVE describes a command injection vulnerability in D-Link DIR-882 router firmware that allows unauthenticated remote attackers to execute arbitrary commands on the device. Attackers can exploit this by sending specially crafted HTTP requests to the router's web interface. All users of affected DIR-882 routers with vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • D-Link DIR-882 Router
Versions: Firmware version DIR882A1_FW102B02
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. Web interface must be accessible (typically on port 80/443).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent malware, pivot to internal networks, intercept all network traffic, or brick the device.

🟠 Likely Case

Attackers gain shell access to execute commands, potentially installing backdoors, modifying router settings, or using the device for botnet activities.

🟢 If Mitigated

Limited impact if the router is behind a firewall with restricted WAN access, though attackers already on the internal network could still exploit it.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires sending HTTP requests to specific endpoints with crafted parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Check the D-Link security bulletin for patch availability.
2. If a patch exists, download it from the D-Link support site.
3. Log into the router web interface.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management (applies to: all)

Prevent external access to the router web interface.

Restrict Web Interface Access (applies to: linux)

Use firewall rules to limit access to the router management interface. The rules below assume the LAN subnet is 192.168.1.0/24 (adjust to your own) and are applied on the Linux host that filters traffic to the interface; because -A appends, any earlier ACCEPT rule in the INPUT chain takes precedence, so check the existing chain before adding them.

iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Replace affected router with different model or vendor
  • Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System > Firmware. If version is DIR882A1_FW102B02, device is vulnerable.

Check Version:

curl -s http://router-ip/status.cgi | grep Firmware

Verify Fix Applied:

After updating, verify firmware version has changed from DIR882A1_FW102B02 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to /prog.cgi with SysLogRemote_IPAddress parameter
  • Shell command execution from web interface processes
  • Unexpected system processes spawned from httpd

Network Indicators:

  • HTTP requests containing shell metacharacters in parameters
  • Outbound connections from router to unexpected destinations

SIEM Query:

source="router-logs" AND (url="/prog.cgi" AND param="SysLogRemote_IPAddress" AND value MATCHES "[;&|`$()]+")
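The indicators above name the endpoint, the parameter and the metacharacter class to watch; as an added illustration (not code from this page or from D-Link), the following Python detector applies that logic to constructed log lines. The log line format, `inspect_request` and `scan_log` are assumptions; the metacharacter class is the one from the SIEM query above. It also URL-decodes the body first, since an encoded `%3B` would slip past a pattern applied to the raw value.

```python
import re
from urllib.parse import parse_qs

# Metacharacter class taken from the SIEM query on this page
SHELL_META = re.compile(r"[;&|`$()]")
TARGET_PATH = "/prog.cgi"
TARGET_PARAM = "SysLogRemote_IPAddress"
# The parameter is meant to hold an IPv4 address, so anything else is suspicious
IPV4 = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")

def inspect_request(method, path, body):
    """Return a reason string if the request matches the indicators, else None."""
    if method != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return None
    # parse_qs URL-decodes values, so %3B becomes ';' before matching
    params = parse_qs(body, keep_blank_values=True)
    for value in params.get(TARGET_PARAM, []):
        if SHELL_META.search(value):
            return f"shell metacharacter in {TARGET_PARAM}: {value!r}"
        if not IPV4.match(value):
            return f"non-IPv4 value in {TARGET_PARAM}: {value!r}"
    return None

# Assumed (hypothetical) log format: <client> "<METHOD> <path>" body=<form body>
LOG_LINE = re.compile(r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" body=(?P<body>.*)$')

def scan_log(lines):
    """Return (client, reason) pairs for log lines that match the indicators."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        reason = inspect_request(m["method"], m["path"], m["body"])
        if reason:
            hits.append((m["src"], reason))
    return hits

# Constructed sample lines, not captured traffic
SAMPLE_LOG = [
    '192.168.1.20 "POST /prog.cgi" body=SysLogRemote_IPAddress=192.168.1.50',
    '203.0.113.7 "POST /prog.cgi" body=SysLogRemote_IPAddress=192.168.1.50%3Becho%20test',
    '203.0.113.7 "POST /prog.cgi" body=SysLogRemote_IPAddress=syslog.example',
    '192.168.1.21 "GET /status.cgi" body=',
]

if __name__ == "__main__":
    for src, reason in scan_log(SAMPLE_LOG):
        print(f"{src}: {reason}")
```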
