D-Link routers under threat from dangerous flaw - here's how to stay safe
An end-of-life D-Link router is vulnerable to four flaws
- D-Link warns all DIR-878 routers (discontinued in 2021) carry four RCE flaws
- Researcher Yangyifan released PoC exploit code; CISA has not yet added them to KEV catalog
- End-of-life routers are prime botnet targets (Mirai, Aisuru) for DDoS and proxy abuse
D-Link has warned customers about four vulnerabilities it recently discovered in a router model that is no longer supported.
In a security advisory, D-Link said that all versions of the DIR-878 device, meaning derivative models, all revisions, and all firmware versions, are vulnerable to multiple remote code execution bugs.
The vulnerabilities are tracked as CVE-2025-60672, CVE-2025-60673, CVE-2025-60674, and CVE-2025-60676, and were given severity scores between 6.5 and 6.8/10 (medium). The first two issues are remote unauthenticated command execution bugs, the third is a stack overflow bug in USB storage handling, and the last is an arbitrary command execution vulnerability.
Proof of concept threats
The affected router was first released in 2017 and was discontinued back in 2021, but apparently can still be purchased, new or used, for prices between $75 and $125. It was used mostly in homes and small offices.
But a security researcher named Yangyifan published both technical details and proof-of-concept (PoC) exploit code. However, despite the PoC already being released, the US Cybersecurity and Infrastructure Security Agency (CISA) has not yet added the flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Still, with the PoC out there, it is safe to assume it’s only a matter of time before real-life attacks start.
Many of the world’s biggest botnets, such as Mirai or Aisuru, target end-of-life routers, DVRs, home surveillance systems, and smart home appliances, and assimilate them into the network.
Access is then rented out to other cybercriminals for various activities, such as residential proxy services (hiding cybercriminal activity behind other people’s routers), Distributed Denial of Service (DDoS) attacks (taking down websites and online services), and similar.
The best way to defend against these flaws is to replace the outdated hardware with a newer model. If that’s not an option, D-Link advises at least installing the latest firmware, and keeping a strong password (that is frequently updated, too).
Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.