Article Details
Scrape Timestamp (UTC): 2025-11-20 15:39:04.697
Original Article Text
Click to Toggle View
D-Link warns of new RCE flaws in end-of-life DIR-878 routers. D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. Technical details and proof-of-concept (PoC) exploit code demonstrating the vulnerabilities have been published by a researcher using the name Yangyifan. Typically used in homes and small offices, the DIR-878 was hailed as a high-performance dual-band wireless router when it launched in 2017. Even if the device is no longer supported, it can still be purchased new or used for prices between $75 and $122. However, as DIR-878 has reached end-of-life (EoL) in 2021, D-Link warned that it will not release security updates for this model and recommends replacing it with an actively supported product. In total, D-Link's security advisory lists four vulnerabilities, only one of them requiring physical access or control over a USB device for exploitation. Despite being remotely exploitable, and exploit code already publicly available, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assessed that the vulnerabilities have a medium-severity score. However, a publicly available exploit typically captures threat actors' attention, especially botnet operators, who usually include them in their arsenal to expand targeting. For instance, the large-scale botnet RondoDox uses more than 56 known flaws, some affecting D-Link devices, and keeps adding more of them. More recently, BleepingComputer reported on the Aisuru botnet, which launched a massive distributed denial-of-service (DDoS) attack against Microsoft's Azure network, sending 15.72 terabits per second (Tbps) from over 500,000 IP addresses. Secrets Security Cheat Sheet: From Sprawl to Control Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start. Get the cheat sheet and take the guesswork out of secrets management.
Daily Brief Summary
D-Link has issued a warning about three remote command execution vulnerabilities in its DIR-878 routers, which have reached end-of-life status.
Despite the device's discontinuation in 2021, it remains available in several markets, with prices ranging from $75 to $122.
Technical details and proof-of-concept exploit code for these vulnerabilities have been released by a researcher, raising potential security concerns.
D-Link advises replacing the DIR-878 with a supported product, as no security updates will be provided for this model.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has rated these vulnerabilities with a medium-severity score.
Publicly available exploits often attract threat actors, including botnet operators, who may integrate these vulnerabilities into their attack strategies.
The RondoDox botnet, known for using numerous flaws, and the Aisuru botnet, which recently launched a significant DDoS attack, exemplify the potential risks.