Several critical vulnerabilities in D-Link’s DIR-878 routers affect all models and firmware revisions, allowing unauthorized remote access. Notable vulnerabilities include CVE-2025-60672 and CVE-2025-60673, both critical command injection flaws with CVSS scores of 9.8. Attackers can exploit these vulnerabilities through specially crafted HTTP requests targeting the router’s settings.
The vulnerabilities are due to improper parameter handling in the CGI web interface and pose significant risks as the devices are no longer supported. Additionally, the advisories recommend users upgrade to newer models to mitigate the severe risks associated with these outdated products. Continued use of end-of-life routers can lead to security issues, especially in untrusted networks.
👉 Pročitaj original: Cyber Security News
