CVE-2025-60672 | D-Link DIR-878A1 FW101B04 HTTP prog.cgi SetDynamicDNSSettings ServerAddress/Hostname command injection

A vulnerability marked as critical has been reported in D-Link DIR-878A1 FW101B04. Affected by this issue is the function SetDynamicDNSSettings of the file prog.cgi of the component HTTP Handler. The manipulation of the argument ServerAddress/Hostname leads to command injection.

This vulnerability is traded as CVE-2025-60672. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More