Overview
A critical unauthenticated command injection vulnerability, tracked as CVE-2025-60673, has been discovered in the D-Link DIR-878A1 router with firmware version FW101B04.bin. This flaw allows remote attackers to execute arbitrary commands on the device without authentication. This poses a significant security risk, potentially allowing attackers to take complete control of the router and connected network.
Technical Details
The vulnerability resides within the ‘SetDMZSettings’ functionality, specifically in the prog.cgi script. The IPAddress parameter passed to this script is stored in NVRAM. Subsequently, the librcm.so library utilizes this stored IP address to construct iptables commands. These commands are then executed through the twsystem() function.
An attacker can exploit this by sending a specially crafted HTTP request to the router, injecting malicious commands into the IPAddress parameter. Because the input is not properly sanitized, these injected commands are executed with elevated privileges, granting the attacker complete control.
The exploit doesn’t require authentication, making it easily exploitable by anyone with network access to the router.
CVSS Analysis
While the provided data indicates the CVSS score as N/A, given the unauthenticated remote command execution capability, this vulnerability would typically be classified as Critical with a CVSS score approaching 10.0. A proper CVSS assessment should be performed to confirm the exact score.
Possible Impact
The successful exploitation of CVE-2025-60673 can lead to severe consequences, including:
- Complete Router Compromise: Attackers can gain full control over the router.
- Network Hijacking: Attackers can redirect network traffic, perform man-in-the-middle attacks, and steal sensitive information.
- Malware Distribution: The router can be used to spread malware to connected devices.
- Denial of Service: Attackers can disrupt network services and cause the router to become unresponsive.
- Data Theft: Attackers can access and steal sensitive data stored on the network or transmitted through the router.
Mitigation or Patch Steps
The primary mitigation step is to update the router’s firmware to a patched version that addresses this vulnerability. D-Link is expected to release a security update. Check the D-Link support website regularly for updates.
- Check for Firmware Updates: Visit the D-Link support website (https://www.dlink.com/en) and download the latest firmware for your DIR-878A1 router.
- Apply the Firmware Update: Follow the instructions provided by D-Link to update the router’s firmware.
- Disable Remote Management: As a temporary mitigation (if a patch is not yet available), disable remote management access to the router. This can reduce the attack surface.
- Monitor Network Traffic: Keep an eye on your network traffic for any suspicious activity.
