DIR-878 router remotely exploitable command execution flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
D-Link DIR-878 routers are affected by four vulnerabilities, including three remotely exploitable command execution flaws and one USB/physical-access stack overflow. The issues affect all models and hardware revisions, and public PoC exploit code is already available, raising the risk for still-deployed devices. Because the DIR-878 is end-of-life, there will be no security updates for the model.
Related Happenings
Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign
Campaign
First: 22.04.2026 23:04
Last: 22.04.2026 23:04
Sources 1
About this happening:
The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...
Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign
CampaignAbout this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation WaveAbout this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation Wave
First: 25.12.2025 10:07
Last: 25.12.2025 10:07
Sources 1
About this happening:
**CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...
Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation WaveAbout this happening: **CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...
CISA KEV addition for Sierra Wireless ALEOS routers
Public Sector Action
First: 13.12.2025 14:33
Last: 13.12.2025 14:33
Sources 1
About this happening:
**CISA** added **CVE-2018-4063** to its **KEV catalog**, putting **Sierra Wireless AirLink ALEOS routers** under federal remediation pressure after reports of **active exploitatio...
CISA KEV addition for Sierra Wireless ALEOS routers
Public Sector ActionAbout this happening: **CISA** added **CVE-2018-4063** to its **KEV catalog**, putting **Sierra Wireless AirLink ALEOS routers** under federal remediation pressure after reports of **active exploitatio...
D-Link DIR-878 end-of-life replacement advisory
Advisory/Mitigation
First: 20.11.2025 17:38
Last: 20.11.2025 17:38
Sources 1
How related:
However, as DIR-878 has reached end-of-life (EoL) in 2021, D-Link warned that it will not release security updates for this model and recommends replacing it with an actively supported product.
About this happening:
**D-Link** told users of the **DIR-878 router** to move off the device because it reached **end-of-life in 2021** and will receive **no further security updates**. The mitigation...
D-Link DIR-878 end-of-life replacement advisory
Advisory/MitigationHow related: However, as DIR-878 has reached end-of-life (EoL) in 2021, D-Link warned that it will not release security updates for this model and recommends replacing it with an actively supported product.
About this happening: **D-Link** told users of the **DIR-878 router** to move off the device because it reached **end-of-life in 2021** and will receive **no further security updates**. The mitigation...
Timeline
-
20.11.2025 17:38 2 articles · 6mo ago
D-Link warns about DIR-878 command execution flaws
Initial DisclosureD-Link warns that DIR-878 routers are affected by four vulnerabilities, including CVE-2025-60672, CVE-2025-60673, CVE-2025-60674, and CVE-2025-60676, with three remotely exploitable command execution flaws and one USB- or physical-access stack overflow affecting all models and hardware revisions. The DIR-878 is end-of-life, will not receive security updates, and should be replaced with an actively supported product; proof-of-concept exploit code for the vulnerabilities is already public.
Show sources
- D-Link warns of new RCE flaws in end-of-life DIR-878 routers — www.bleepingcomputer.com — 20.11.2025 17:38
- D-Link warns of new RCE flaws in end-of-life DIR-878 routers — www.bleepingcomputer.com — 20.11.2025 17:38