CVE-2025-60673
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in
CVSS
6.5
Medio
EPSS
3.5%
p88
KEV
—
Exploit Today
26
0-100
Publicado: 13 nov 2025 · Última mod.: 5 jul 2026 · CWE-77
3.5%EPSS · 30 días3.6%
2026-06-302026-07-16
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2023-376799.8 CRÍ99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8dCVE-2026-80379.6 CRÍ98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints3dCVE-2022-457018.8 ALT98.5%
——30Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.8dCVE-2023-337828.8 ALT98.3%
——30D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.8d