CVE Catalog

CVE-2025-60673

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
3.45%

88th percentile - higher than 88% of all known CVEs

Summary

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.

Risk Assessment

The risk for the organization includes full compromise of the router, potentially allowing the attacker to intercept network traffic, modify configurations, or use the device as an entry point into the internal network.

Recommendation

Immediately update the D-Link DIR-878A1 router firmware to the latest version if a patch is available. If no update is available, disable the DMZ feature or restrict access to the management interface to trusted IP addresses only.

Original NVD description (English source)

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS