Critical D-Link Router Vulnerabilities Allow Remote Code Execution

by | Sep 17, 2024 | News

Critical D-Link Router Vulnerabilities Allow Remote Code Execution

Post Views: 170




Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon
Reading Time: 3 Minutes

D-Link Fixes Critical Vulnerabilities in Popular WiFi Routers

D-Link has patched critical security vulnerabilities in three widely-used wireless routers, affecting both high-end WiFi 6 routers (DIR-X models) and mesh networking systems (COVR). The vulnerabilities allow remote attackers to execute arbitrary code and access devices using hardcoded credentials, posing a serious security risk.

The affected models include:

  • COVR-X1870 (non-US) on firmware v1.02 and below
  • DIR-X4860 on firmware v1.04B04_Hot-Fix and older
  • DIR-X5460 running firmware v1.11B01_Hot-Fix or earlier

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses




Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Five vulnerabilities have been identified, with three of them rated as critical:

  1. CVE-2024-45694 (9.8 critical): Stack-based buffer overflow, allowing unauthenticated remote attackers to execute arbitrary code on the device.
  2. CVE-2024-45695 (9.8 critical): Another stack-based buffer overflow that enables unauthenticated remote code execution.
  3. CVE-2024-45696 (8.8 high): Attackers can forcefully enable the telnet service using hardcoded credentials, gaining access within the local network.
  4. CVE-2024-45697 (9.8 critical): The telnet service is automatically enabled when the WAN port is plugged in, allowing remote access via hardcoded credentials.
  5. CVE-2024-45698 (8.8 high): Poor input validation in the telnet service allows remote attackers to execute OS commands using hardcoded credentials.

Firmware Fixes:

  • COVR-X1870: Upgrade to v1.03B01
  • DIR-X4860: Upgrade to v1.04B05
  • DIR-X5460: Upgrade to DIR-X5460A1_V1.11B04

Trending: Understanding PTaaS and SOC




Trending: Offensive Security Tool: headi

D-Link disclosed that it learned of these flaws from Taiwan’s national CERT (TWCERT) on June 24 but was not given the standard 90-day period to resolve the issues before they were disclosed. D-Link criticized this early disclosure, stating that it unnecessarily exposes users to risks without allowing time for patches to be made available.

While there have been no reports of these vulnerabilities being exploited in the wild, D-Link routers are frequent targets for malware botnets, making it essential for users to update their firmware to avoid potential attacks.

Trending: Kali Linux 2024.3 Release: 11 New Hacking Tools, New Features

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This