CVE-2025-60674 is a stack-based buffer overflow vulnerability identified in the D-Link DIR-878A1 router firmware version FW101B04.bin, specifically within the rc binary's USB storage handling module. The vulnerability stems from unsafe parsing of the "Serial Number" field of a USB device. The code uses fgets to read up to 127 bytes from the USB device's Serial Number into a buffer that is only 64 bytes in size on the stack. Subsequently, sscanf attempts to parse this data into the buffer, leading to a classic stack buffer overflow (CWE-121). This overflow can corrupt the stack, potentially allowing an attacker to execute arbitrary code with the privileges of the rc binary, which is part of the router's firmware. Exploitation requires physical access or control over a USB device connected to the router, as remote exploitation is not indicated. The CVSS v3.1 score is 6.8 (medium severity), reflecting the need for physical access (Attack Vector: Physical) but low attack complexity and no privileges or user interaction required. The impact on confidentiality, integrity, and availability is high, as arbitrary code execution could allow attackers to compromise the router, intercept or manipulate network traffic, or disrupt network services. No patches or firmware updates are currently linked, and no known exploits have been reported in the wild. The vulnerability was reserved on 2025-09-26 and published on 2025-11-13.

For European organizations, this vulnerability poses a significant risk primarily in environments where physical security of network devices is not strictly enforced, such as public or semi-public areas, shared office spaces, or locations with frequent visitor access. Successful exploitation could lead to full compromise of the affected router, enabling attackers to intercept sensitive communications, manipulate network traffic, or launch further attacks within the internal network. Critical infrastructure operators, government agencies, and enterprises relying on D-Link DIR-878A1 routers could face operational disruptions and data breaches. The requirement for physical access limits the threat scope but does not eliminate it, especially in scenarios involving insider threats or social engineering to gain device proximity. The high impact on confidentiality, integrity, and availability underscores the importance of addressing this vulnerability promptly to maintain network security and trust.

1. Enforce strict physical security controls around network infrastructure to prevent unauthorized access to routers and USB ports. 2. Disable or restrict USB port functionality on routers where possible, or use port locks to prevent unauthorized USB device insertion. 3. Monitor and log USB device connections to network devices to detect anomalous activity. 4. Segregate network devices physically and logically to limit exposure if a device is compromised. 5. Regularly check for and apply firmware updates from D-Link addressing this vulnerability once available. 6. Implement network segmentation and intrusion detection systems to detect unusual traffic patterns indicative of router compromise. 7. Educate staff about the risks of connecting unauthorized USB devices to network equipment. 8. Consider replacing affected routers with models that have no known vulnerabilities or better security controls if patching is delayed.