CVE-2025-60672

EPSS 0.29% · P53 Updated Nov 15, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-60672

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

D-Link DIR-878 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

D-Link DIR-878是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-878 A1_FW101B04.bin版本存在安全漏洞，该漏洞源于SetDynamicDNSSettings功能中ServerAddress和Hostname参数未经验证，可能导致远程命令执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-60672

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-60672

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-11-13 · 39 CVEs total

CVE-2025-13130	7.8 HIGH	Radarr Service Radarr.Console.exe default permission
CVE-2025-13131	7.8 HIGH	Sonarr Service Sonarr.Console.exe default permission
CVE-2025-12818	5.9 MEDIUM	PostgreSQL libpq undersizes allocations, via integer wraparound
CVE-2025-13120	5.3 MEDIUM	mruby array.c sort_cmp use after free
CVE-2025-12817	3.1 LOW	PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
CVE-2025-60698		D-Link DIR-882 安全漏洞
CVE-2025-47221		Keyfactor SignServer 安全漏洞
CVE-2025-60684		TOTOLINK LR1200GB 安全漏洞
CVE-2025-60691		Linksys E1200 安全漏洞
CVE-2025-60699		TOTOLINK A950RG 安全漏洞
CVE-2025-60685		TOTOLINK A720R 安全漏洞
CVE-2025-60697		D-Link DIR-882 安全漏洞
CVE-2025-60692		Linksys E1200 安全漏洞
CVE-2025-60686		ToToLink多款产品安全漏洞
CVE-2025-60671		D-Link DIR-823G 安全漏洞
CVE-2025-60687		TOTOLINK LR1200GB 安全漏洞
CVE-2025-55810		Alaga Home Security WiFi Camera 安全漏洞
CVE-2025-63406		groupoffice 安全漏洞
CVE-2025-52186		lila 安全漏洞
CVE-2025-47222		Keyfactor SignServer 安全漏洞

Showing top 20 of 39 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-60672

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-60672

I. Basic Information for CVE-2025-60672

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-60672

III. Intelligence Information for CVE-2025-60672

Same Patch Batch · n/a · 2025-11-13 · 39 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-60672

Leave a comment