  • Cybersecurity Vulnerabilities

    D-Link DIR-878A1 Router Vulnerable to Unauthenticated Command Injection (CVE-2025-60676)

    Overview: A critical security vulnerability, identified as CVE-2025-60676, has been discovered in the D-Link DIR-878A1 router firmware version FW101B04.bin. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the device remotely. The flaw resides in the ‘SetNetworkSettings’ functionality within the ‘prog.cgi’ script. Technical Details: The vulnerability stems from insecure handling of the ‘IPAddress’ and ‘SubnetMask’ parameters within the ‘SetNetworkSettings’ functionality of ‘prog.cgi’. These parameters are concatenated directly into shell commands without proper sanitization, and the commands are then executed using the system() function. This allows an attacker to inject malicious commands by crafting a specific HTTP request. Since no authentication is…

  • Cybersecurity Vulnerabilities

    Critical Command Injection Vulnerability Discovered in D-Link DIR-823G Routers (CVE-2025-60675)

    Overview: A critical command injection vulnerability, identified as CVE-2025-60675, has been discovered in the D-Link DIR-823G router, specifically affecting firmware version DIR823G_V1.0.2B05_20181207.bin. This vulnerability allows an attacker with write access to a specific configuration file to execute arbitrary commands on the device, potentially leading to complete system compromise. Technical Details: The vulnerability resides within the timelycheck and sysconf binaries of the router’s firmware. These binaries improperly process the /tmp/new_qos.rule configuration file. The issue stems from the fact that parsed fields from this configuration file are concatenated into command strings and then executed using the system() function without proper sanitization or…

  • Cybersecurity Vulnerabilities

    D-Link DIR-878 Router Under Attack: Critical Stack Overflow Vulnerability (CVE-2025-60674)

    Overview: CVE-2025-60674 describes a stack buffer overflow vulnerability found in the D-Link DIR-878A1 router, specifically affecting firmware version FW101B04.bin. This vulnerability resides within the rc binary’s USB storage handling module. It allows a malicious actor with physical access to the router or control over a connected USB device to potentially execute arbitrary code. Technical Details: The vulnerability stems from insecure handling of the “Serial Number” field read from a USB device. The rc binary uses sscanf to read the serial number into a 64-byte stack buffer. Simultaneously, fgets is used to read up to 127 bytes of data related…

  • Cybersecurity Vulnerabilities

    D-Link DIR-878A1 Router Hit by Critical Command Injection Vulnerability (CVE-2025-60673)

    Overview: A critical unauthenticated command injection vulnerability, tracked as CVE-2025-60673, has been discovered in the D-Link DIR-878A1 router with firmware version FW101B04.bin. This flaw allows remote attackers to execute arbitrary commands on the device without authentication. This poses a significant security risk, potentially allowing attackers to take complete control of the router and connected network. Technical Details: The vulnerability resides within the ‘SetDMZSettings’ functionality, specifically in the prog.cgi script. The IPAddress parameter passed to this script is stored in NVRAM. Subsequently, the librcm.so library utilizes this stored IP address to construct iptables commands. These commands are then executed through the…

  • Cybersecurity Vulnerabilities

    CVE-2025-60672: Critical Command Injection Vulnerability in D-Link DIR-878A1 Router

    Overview: CVE-2025-60672 describes a critical unauthenticated command injection vulnerability found in the D-Link DIR-878A1 router, specifically affecting firmware version FW101B04.bin. This vulnerability allows a remote attacker to execute arbitrary commands on the router without any authentication, potentially leading to full device compromise. Technical Details: The vulnerability lies within the ‘SetDynamicDNSSettings’ functionality of the router’s web interface, accessible via ‘prog.cgi’. The ‘ServerAddress’ and ‘Hostname’ parameters provided in an HTTP request are stored in the NVRAM (Non-Volatile Random Access Memory) without proper sanitization. Subsequently, these parameters are used by the ‘rc’ service to construct system commands. These commands are then executed using…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Apple Compressor: CVE-2025-43515 Allows Remote Code Execution

    Overview: CVE-2025-43515 is a high-severity vulnerability affecting Apple Compressor. This vulnerability allows an unauthenticated attacker on the same network as a Compressor server to execute arbitrary code. The vulnerability stems from the application’s handling of external network connections. Apple addressed this issue by refusing external connections by default in Compressor version 4.11.1. Technical Details: The vulnerability exists due to Compressor’s default configuration allowing external network connections. An attacker could exploit this by crafting malicious network requests and sending them to the Compressor server. This would allow the attacker to inject and execute arbitrary code on the server. The fix implemented…

  • Cybersecurity Vulnerabilities

    CVE-2025-13123: SQL Injection Vulnerability in AMTT Hotel Broadband System Exposed

    Overview: CVE-2025-13123 describes a medium-severity SQL injection vulnerability found in AMTT Hotel Broadband Operation System 1.0. The vulnerability resides within the /user/portal/get_firstdate.php file, specifically affecting an unknown function that handles the uid argument. Successful exploitation of this flaw allows remote attackers to inject arbitrary SQL code, potentially leading to data breaches, unauthorized access, and other malicious activities. A public exploit is available, increasing the risk of exploitation. The vendor was contacted regarding this vulnerability but has not responded. Technical Details: The vulnerability exists due to insufficient input sanitization of the uid parameter in the /user/portal/get_firstdate.php script. An attacker can craft…

  • Cybersecurity Vulnerabilities

    Typebot Under Attack: CVE-2025-64706 Exposes API Tokens Through IDOR

    Overview: CVE-2025-64706 details a critical Insecure Direct Object Reference (IDOR) vulnerability found in Typebot, an open-source chatbot builder. This flaw allows an authenticated attacker to potentially delete and retrieve the API tokens of other users within the system without proper authorization. The vulnerability affects Typebot versions 3.9.0 up to, but excluding, version 3.13.0. Technical Details: The IDOR vulnerability resides in the API token management endpoint of Typebot. Due to the lack of proper authorization checks, an authenticated attacker can manipulate API requests by altering the target user ID and token ID to access and delete tokens belonging to other users.…

  • Cybersecurity Vulnerabilities

    D-Link DIR-882 Routers at Risk: Command Injection Vulnerability CVE-2025-60701

    Overview: A critical command injection vulnerability, identified as CVE-2025-60701, has been discovered in the D-Link DIR-882 Router firmware version DIR882A1_FW102B02. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the affected device. This poses a significant security risk, potentially leading to complete compromise of the router and the network it serves. Technical Details: The vulnerability resides in the prog.cgi and rc binaries of the firmware. Specifically, the issue stems from the way email configuration parameters are handled: The sub_433188 function within prog.cgi takes user-supplied email configuration parameters (EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName) from HTTP requests. These parameters…

  • Cybersecurity Vulnerabilities

    D-Link DIR-882 Router Under Attack: Command Injection Vulnerability (CVE-2025-60700) Unveiled

    Overview: A critical command injection vulnerability, identified as CVE-2025-60700, has been discovered in the D-Link DIR-882 Router running firmware version DIR882A1_FW102B02. This flaw allows unauthenticated remote attackers to execute arbitrary commands on the affected device. The vulnerability resides within the `prog.cgi` and `librcm.so` binaries, specifically related to the DMZ settings. Technical Details: The vulnerability stems from insufficient input sanitization when handling user-supplied data related to DMZ settings. Here’s a breakdown: The `sub_4455BC` function within `prog.cgi` stores the IP address provided by the user through the `SetDMZSettings/IPAddress` parameter in the NVRAM (Non-Volatile Random-Access Memory) using the `nvram_safe_set("dmz_ipaddr", …)` function. Subsequently, the…