CVE-2025-60674 identifies a stack buffer overflow vulnerability in the D-Link DIR-878A1 router firmware version FW101B04.bin, specifically within the rc binary's USB storage handling module. The vulnerability stems from unsafe input handling of the "Serial Number" field of a USB device. The code uses fgets to read up to 127 bytes from the USB device's Serial Number but copies this data into a fixed 64-byte stack buffer using sscanf, leading to a classic stack buffer overflow condition. This overflow can overwrite adjacent stack memory, potentially allowing an attacker to execute arbitrary code with the privileges of the rc process, which likely runs with elevated permissions on the router. Exploitation requires physical access or control over a USB device connected to the router, as remote exploitation is not indicated. No CVSS score has been assigned yet, and no public exploits are known. The vulnerability highlights a critical flaw in input validation and memory management in embedded device firmware, emphasizing the risks of USB device handling in network infrastructure devices. The lack of patches or mitigation details suggests that affected users should exercise caution and monitor for firmware updates from D-Link.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on the D-Link DIR-878A1 routers in their network infrastructure. Successful exploitation could lead to arbitrary code execution on the router, allowing attackers to compromise the device's integrity, disrupt network availability, or use the router as a foothold for further internal network attacks. This could result in data breaches, service outages, or manipulation of network traffic. The requirement for physical access limits the attack vector to insider threats or attackers with physical proximity, such as in shared office environments, data centers, or public-facing network equipment locations. Critical sectors like finance, healthcare, government, and telecommunications that depend on secure and reliable network infrastructure could face operational disruptions and reputational damage. Additionally, compromised routers could be used for lateral movement or as part of botnets, amplifying the threat landscape.

To mitigate this vulnerability, organizations should immediately enforce strict physical security controls to prevent unauthorized access to network devices, particularly USB ports on routers. Disable or restrict USB port usage on routers where possible, or implement USB device whitelisting to prevent untrusted devices from connecting. Network administrators should monitor logs and network behavior for signs of compromise or unusual USB device activity. Since no official patches are currently available, organizations should engage with D-Link support to obtain firmware updates or advisories and apply them promptly once released. Additionally, consider segmenting network infrastructure devices to limit exposure and applying network access controls to reduce the impact of a compromised router. Regular security audits and penetration testing focusing on physical security and device hardening can further reduce risk. Finally, educating staff about the risks of connecting unauthorized USB devices to critical network equipment is essential.