CVE-2025-60673

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands...

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

CVE-2025-60697

Affects: D-Link DIR-882 router firmware (DIR882A1_FW102B02). Vulnerable path: prog.cgi (sub_4438A4) stores user-controlled DDNS fields (ServerAddress, Hostname) in NVRAM via nvram_safe_set; rc (start_DDNS_ipv4) reads them via nvram_safe_get, concatenates into DDNS commands, and executes with twsy...

CVE-2025-60673

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands...

PT-2025-46882

Name of the Vulnerable Software and Affected Versions D-Link DIR-882 Router firmware version DIR882A1 FW102B02 Description A command injection issue exists in the D-Link DIR-882 Router firmware. The sub 432F60 function within the prog.cgi binary stores user-supplied SetSysLogSettings/IPAddress...

Asus asuswrt Plaintext Password Storage Vulnerability

ASUSWRT, the unified firmware used by ASUS in its latest routers, is a web-based graphical user interface for ASUS routers. A plaintext password storage vulnerability exists in Asus asuswrt version 3.0.0.4.380.7743 and earlier. Passwords are stored in plaintext in the nvram in the HTTPd server. A...