Security Announcement
DIR-878 : All Revisions / All Firmware : End-of-Life (EoL) / End-of-Service (EoS) : Vulnerabilities Reported
Publication ID: SAP10475
Resolved Status: Yes
Published on: 17 November 2025 9:24 GMT
Last updated on: 17 November 2025 9:31 GMT

 

Overview

 

The DIR-878 060 :: All Models, Derivative Models, All Revisions, and All Firmware reached their End-of-Life (EOL)/ End-of-Service Life (EOS) lifecycle. D-Link Corporation and D-Link North America (D-Link Systems, Inc.) recommend that all current users take one or more of the following actions:

 

1. Transition to a current-generation product.

2. Perform comprehensive data backup.

3. Contact our local regional office for further recommendations or information (LINK).

 

By standard industry practice, products that have reached EOL/EOS status may no longer receive technical support or firmware updates. Please read the detailed information and recommendations provided below.

 

3rd Party Report information:

           

CVE-2025-60672 - Link - Affects the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.

 

 

CVE-2025-60673 - Link - Affects the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution.

 

CVE-2025-60674 - Link - Involves the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device.

 

CVE-2025-60676 - Link - Affects the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device.
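
Added example, not D-Link code and not part of the original advisory: the three command-execution reports above (CVE-2025-60672, CVE-2025-60673, CVE-2025-60676) share one shape, a stored value pasted into a command string. The C code below shows the corrected shape for the DMZ 'IPAddress' case; the function names and the iptables rule are hypothetical and chosen only for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe shape from the reports (not compiled): the stored value is pasted
 * into a string that a shell then parses.
 *     snprintf(cmd, sizeof cmd, "iptables ... %s", nvram_ip); system(cmd);
 */

/* Returns 1 only if s is a dotted-quad IPv4 literal and nothing else. */
int is_ipv4_literal(const char *s)
{
    struct in_addr addr;
    if (s == NULL || strlen(s) > 15)    /* "255.255.255.255" is 15 chars */
        return 0;
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Fills argv[] for a hypothetical DMZ DNAT rule (illustrative, not the
 * device's real rule). The value is validated here, at the point of use,
 * because it comes back from NVRAM and could have been stored by any
 * earlier request. Returns 0 on success, -1 if rejected. */
int build_dmz_argv(const char *nvram_ip, const char *argv[], size_t cap)
{
    static const char *const rule[] = {
        "iptables", "-t", "nat", "-A", "PREROUTING",
        "-j", "DNAT", "--to-destination"
    };
    const size_t n = sizeof rule / sizeof rule[0];
    if (cap < n + 2 || !is_ipv4_literal(nvram_ip))
        return -1;
    for (size_t i = 0; i < n; i++)
        argv[i] = rule[i];
    argv[n] = nvram_ip;      /* a single argv element, never shell-parsed */
    argv[n + 1] = NULL;      /* ready for execvp(argv[0], (char **)argv) */
    return 0;
}

int main(void)
{
    const char *argv[12];
    const char *samples[] = { "192.168.0.10", "192.168.0.10;x" }; /* constructed */
    for (size_t i = 0; i < 2; i++)
        printf("%-18s -> %s\n", samples[i],
               build_dmz_argv(samples[i], argv, 12) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The same two steps apply to the 'ServerAddress' and 'Hostname' values and to fields parsed from /tmp/new_qos.rule: check each value against the narrow grammar it should have, then pass it as its own argument instead of through a shell.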
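
Added example, not D-Link code and not part of the original advisory: a bounded parse for the "Serial Number" field from CVE-2025-60674, using the 64-byte buffer and 127-byte read sizes stated above. The "Serial Number: <value>" line format and the function name are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LINE_LEN   128  /* fgets(line, 128, fp) stores up to 127 bytes */
#define SERIAL_LEN 64   /* destination buffer size named in the advisory */

/* Unsafe shape described above (not compiled): an unbounded %s lets a
 * 127-byte line overrun the 64-byte destination.
 *     char serial[64];
 *     sscanf(line, "Serial Number: %s", serial);
 */

/* Copies the serial into out and returns 0, or returns -1 (out untouched)
 * when the field is missing, empty, or longer than SERIAL_LEN - 1. */
int parse_serial(const char *line, char out[SERIAL_LEN])
{
    char tmp[SERIAL_LEN];
    int used = 0;

    /* %63s writes at most 63 bytes plus the NUL; 63 must stay equal to
     * SERIAL_LEN - 1. %n records how much of the line was consumed. */
    if (sscanf(line, " Serial Number: %63s%n", tmp, &used) != 1)
        return -1;

    /* If the token was cut at 63 bytes, the next byte is not whitespace:
     * reject the line instead of accepting a silently truncated serial. */
    if (line[used] != '\0' && !isspace((unsigned char)line[used]))
        return -1;

    memcpy(out, tmp, strlen(tmp) + 1);
    return 0;
}

int main(void)
{
    char line[LINE_LEN], serial[SERIAL_LEN];

    /* Constructed input: a 127-byte line, the longest fgets can deliver */
    memset(line, 'A', sizeof line - 1);
    line[sizeof line - 1] = '\0';
    memcpy(line, "Serial Number: ", 15);
    printf("127-byte line: %d\n", parse_serial(line, serial));
    printf("normal line:   %d\n", parse_serial("Serial Number: 0123456789AB\n", serial));
    return 0;
}
```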

 

 

Affected Models

 

Model | Region | Hardware Revision | End of Support | Legacy Website | Last Updated
DIR-878 | Worldwide | All Series Models & H/W Revisions | 01/31/2021 | Yes (LINK) | 11/17/2025

 

 

Recommendation for EOL/EOS Products

  

In line with industry practice, D-Link may periodically determine that certain products have reached a stage where further support or development is no longer attainable. This decision may be driven by commonly acknowledged factors such as technology evolution, market requirement, innovation, product efficiency, or the need for product replacement due to superior functionality.

 

For US Consumers

 

When a product reaches EOL/EOS status, which we have always announced for an extended period in advance, no further extended support, updates, or development may be available.

 

We may not be able to address issues related to devices or firmware for such products, as development and customer support may have been discontinued. If you are outside the US, please get in touch with your regional D-Link office for an inquiry.

 

We recommend discontinuing use of such products and caution that continued use may harm other connected devices. If users continue using these devices, they should ensure the devices are updated to the latest known firmware from the Legacy Website links above. Additionally, users should frequently change the device's unique password for accessing its web configuration and always keep Wi-Fi encryption enabled with a strong and unique password.

 

Regarding the Security Update for Your Device

 

Installing firmware updates is critical in addressing security vulnerabilities in your devices. We strongly urge all users to install the relevant updates and regularly check for further updates. After downloading the firmware update, it is essential to ALWAYS validate its success by comparing the firmware version on your product interface to the firmware update version.

 

Please note that beta software, beta firmware, and hot-fix releases are still undergoing rigorous testing before their official release. This ensures they are of the highest quality and meet our stringent standards. Because of this, we do not provide express or implied warranties regarding their suitability or usability. It is essential to understand that the user assumes all risk and liability for their use.

 

NOTE: Our products have different hardware revisions, so please check your device’s hardware revision before downloading the corresponding firmware update. The hardware revision can be found on the product label next to the serial number or on the device's web interface.