D-Link warns of recent RCE flaws in end-of-life DIR-878 routers

D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets.

Technical details and proof-of-concept (PoC) exploit code demonstrating the vulnerabilities have been published by a researcher using the name Yangyifan.

Commonly used in homes and small offices, the DIR-878 was hailed as a high-performance dual-band wireless router when it launched in 2017.

Even though the device is no longer supported, it can still be bought new or used for prices between $75 and $122.

However, as the DIR-878 reached end-of-life (EoL) in 2021, D-Link warned that it will not release security updates for this model and recommends replacing it with an actively supported product.

In total, D-Link's security advisory lists four vulnerabilities, only one of them requiring physical access or control over a USB device for exploitation.

  • CVE-2025-60672 – Remote unauthenticated command execution via SetDynamicDNSSettings parameters stored in NVRAM and used in system commands.
  • CVE-2025-60673 – Remote unauthenticated command execution via SetDMZSettings and an unsanitized IPAddress value injected into iptables commands.
  • CVE-2025-60674 – Stack overflow in USB storage handling due to an oversized "Serial Number" field (physical or USB-device-level attack).
  • CVE-2025-60676 – Arbitrary command execution via unsanitized fields in /tmp/new_qos.rule, processed by binaries using system().
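
The flaw class named for CVE-2025-60673 and CVE-2025-60676, a request field spliced into a command string that system() hands to a shell, is closed by validating the field and executing an argument vector instead. The C code below is an added example, not D-Link firmware code or the researcher's PoC; the function names, the DNAT rule and the sample input are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Strict dotted-quad IPv4 only: no spaces, shell metacharacters or trailers. */
int is_valid_ipv4(const char *s)
{
    struct in_addr addr;
    size_t len = s ? strlen(s) : 0;
    if (len < 7 || len > 15 || strspn(s, "0123456789.") != len)
        return 0;                            /* allow-list before parsing */
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* argv for an illustrative DNAT rule (assumed, not the firmware's own rule).
 * Returns the argument count, or -1 if the address is rejected. */
int build_dmz_argv(const char *ip, const char *argv[], size_t cap)
{
    const char *fixed[] = { "iptables", "-t", "nat", "-A", "PREROUTING",
                            "-j", "DNAT", "--to-destination" };
    size_t n = sizeof(fixed) / sizeof(fixed[0]);
    if (!is_valid_ipv4(ip) || cap < n + 2)
        return -1;
    memcpy(argv, fixed, sizeof(fixed));
    argv[n] = ip;                            /* one argument, never re-parsed */
    argv[n + 1] = NULL;
    return (int)(n + 1);
}

/* Run argv via fork/execvp, so no shell interprets it; returns exit status. */
int run_argv(const char *argv[])
{
    int status = -1;
    pid_t pid = fork();
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                          /* exec failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *argv[10], *in = "192.168.0.10; echo injected"; /* constructed */
    return build_dmz_argv(in, argv, 10) < 0 ? 0 : 1;  /* 0: input rejected */
}
```

The same two steps apply to values read back from NVRAM or from a rule file: validate against the narrowest format the field allows, then pass it as a single argv element.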

Despite the flaws being remotely exploitable and exploit code already being publicly available, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assessed that the vulnerabilities have a medium-severity rating.

However, a publicly available exploit usually captures the attention of threat actors, especially botnet operators, who often include such exploits in their arsenal to expand targeting.

For example, the large-scale botnet RondoDox uses more than 56 known flaws, some affecting D-Link devices, and keeps adding more of them.

More recently, BleepingComputer reported on the Aisuru botnet, which launched a massive distributed denial-of-service (DDoS) attack against Microsoft's Azure network, sending 15.72 terabits per second (Tbps) from over 500,000 IP addresses.
