- D-Link warns that all DIR-878 routers (discontinued in 2021) have four RCE flaws
- Researcher Yangyifan published a PoC exploit code; CISA has not yet added them to the KEV catalog
- End-of-life routers are prime targets for botnets (Mirai, Aisuru) for DDoS and proxy abuse
D-Link has warned its customers about four vulnerabilities it recently discovered in a router model that is no longer supported.
In a security advisory, D-Link said that all versions of the DIR-878 device, i.e. derivative models, all revisions, and all firmware versions, are vulnerable to multiple remote code execution bugs.
The vulnerabilities are tracked as CVE-2025-60672, CVE-2025-60673, CVE-2025-60674, and CVE-2025-60676, and received severity scores between 6.5 and 6.8/10 (medium). The first two issues are unauthenticated remote command execution bugs, the third is a stack overflow in USB storage handling bug, and the last is an arbitrary command execution vulnerability.
Proof of concept threats
The affected router was first released in 2017 and discontinued in 2021, but apparently can still be purchased, new or used, for prices between $75 and $125. It was mainly used in homes and small offices.
But a security researcher named Yangyifan published technical details and proof-of-concept (PoC) exploit code. However, even though the PoC has already been published, the US Cybersecurity and Infrastructure Security Agency (CISA) has not yet added it to its catalog of known exploited vulnerabilities (KEV).
Still, with the PoC available, it’s safe to assume it’s only a matter of time before real-life attacks begin.
Many of the world’s largest botnets, such as Mirai or Aisuru, target end-of-life routers, DVRs, home surveillance systems, and smart home appliances, and assimilate them into the network.
Access is then rented to other cybercriminals for various activities, such as residential proxy services (hiding cybercriminal activity behind other people’s routers), distributed denial of service (DDoS) attacks (taking down websites and online services), and the like.
The best way to defend against these defects is to replace outdated hardware with a newer model. If that’s not an option, D-Link recommends at least installing the latest firmware and maintaining a strong password (which is also updated frequently).
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
