D-Link Warns of Critical RCE Flaws in DIR-846W Router: No Fixes Coming

Sep 4, 2024 | News

D-Link has issued a warning about four remote code execution (RCE) vulnerabilities that affect every hardware revision and firmware version of its DIR-846W router. The flaws, reported by security researcher yali-1002, are rated critical or high, but D-Link will not release patches because the product has reached end-of-life (EOL) and end-of-support (EOS) status.

Vulnerability Details

  • CVE-2024-41622: RCE via the tomography_ping_address parameter of the /HNAP1/ interface. (CVSS v3 score: 9.8 “critical”)
  • CVE-2024-44340: RCE via the smartqos_express_devices and smartqos_normal_devices parameters of SetSmartQoSSettings. Exploitation requires an authenticated session, which lowers the score. (CVSS v3 score: 8.8 “high”)
  • CVE-2024-44341: RCE via the lan(0)_dhcps_staticlist parameter, exploitable with a crafted POST request. (CVSS v3 score: 9.8 “critical”)
  • CVE-2024-44342: RCE via the wl(0).(0)_ssid parameter. (CVSS v3 score: 9.8 “critical”)
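Because no patch will ever ship, the practical defensive question is how to spot traffic aimed at these four parameters. The Python below is an added detection example written for this page; it is not part of the advisory, of D-Link's firmware, or of the researcher's work. It parses raw HTTP requests, flags any POST to the /HNAP1/ interface whose body references one of the parameters named above, and raises the severity to "high" when the value carries shell metacharacters. The page does not say how the firmware reads these fields (form field, XML element or JSON key), so the extractor tries all three; the assumption that all four flaws travel over /HNAP1/ (the page names that path only for CVE-2024-41622), the HNAP action names in the samples, and the sample requests themselves are constructed here.

```python
import html
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote_plus

# Parameter names exactly as the advisory lists them, keyed to their CVE.
VULNERABLE_PARAMS: Dict[str, str] = {
    "tomography_ping_address": "CVE-2024-41622",
    "smartqos_express_devices": "CVE-2024-44340",
    "smartqos_normal_devices": "CVE-2024-44340",
    "lan(0)_dhcps_staticlist": "CVE-2024-44341",
    "wl(0).(0)_ssid": "CVE-2024-44342",
}

# Characters that never belong in an address, a MAC list or an SSID;
# any of them in the value suggests an OS command injection attempt.
SHELL_META = re.compile(r"[;`|&\n]|\$\(")


@dataclass
class Finding:
    severity: str          # "high" if a metacharacter is present, else "medium"
    cve: str
    param: str
    value: Optional[str]   # decoded value, or None if it could not be extracted


def parse_http_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def extract_value(body: str, param: str) -> Optional[str]:
    """Return the value bound to `param`, trying each encoding an HNAP client
    might use (assumption: the advisory does not state which one applies)."""
    p = re.escape(param)
    candidates = (
        (rf"<{p}>(.*?)</{p}>", html.unescape),            # XML element
        (rf'"{p}"\s*:\s*"(.*?)"', lambda s: s),            # JSON string
        (rf"(?:^|[&\s]){p}=([^&\r\n]*)", unquote_plus),    # form field
    )
    for pattern, decode in candidates:
        m = re.search(pattern, body, re.DOTALL)
        if m:
            return decode(m.group(1))
    return None


def inspect_hnap_request(raw: str) -> List[Finding]:
    """Flag POSTs to /HNAP1/ that touch a known-vulnerable parameter."""
    method, path, _headers, body = parse_http_request(raw)
    # Assumption: all four flaws are reached through the HNAP interface.
    # Drop this check to widen coverage to other CGI endpoints.
    if method != "POST" or not path.startswith("/HNAP1"):
        return []
    findings: List[Finding] = []
    for param, cve in VULNERABLE_PARAMS.items():
        if param not in body:
            continue
        value = extract_value(body, param)
        hit = value is not None and SHELL_META.search(value) is not None
        findings.append(Finding("high" if hit else "medium", cve, param, value))
    return findings


# Constructed sample traffic (not captured from a real device).
BENIGN = (
    "POST /HNAP1/ HTTP/1.1\r\nHost: 192.168.0.1\r\nContent-Type: text/xml\r\n\r\n"
    "<soap:Envelope><soap:Body><GetDeviceSettings/></soap:Body></soap:Envelope>"
)
INJECTION = (
    "POST /HNAP1/ HTTP/1.1\r\nHost: 192.168.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "tomography_ping_address=127.0.0.1%3Bid"
)
QOS_SAVE = (
    "POST /HNAP1/ HTTP/1.1\r\nHost: 192.168.0.1\r\nContent-Type: text/xml\r\n\r\n"
    "<SetSmartQoSSettings><smartqos_express_devices>AA:BB:CC:DD:EE:FF"
    "</smartqos_express_devices></SetSmartQoSSettings>"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("injection", INJECTION), ("qos-save", QOS_SAVE)):
        for f in inspect_hnap_request(sample):
            print(f"{name}: {f.severity} {f.cve} {f.param} value={f.value!r}")
```

A "medium" finding means legitimate-looking configuration traffic touched a parameter that is exploitable on this device, which is still worth a look on a network where an EOL router should not be in service at all; "high" means the value itself looks like a command payload. Running the block prints the injection sample as high and the QoS save as medium, and nothing for the benign request.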

D-Link’s Response

Despite the severity of these vulnerabilities, D-Link has confirmed that no fixes will be provided: the router reached end-of-support in 2020, and devices in that state receive no further firmware. Users are strongly advised to retire the DIR-846W and replace it with a model that is still supported.

Exploitation Risks

The DIR-846W is still in use in various markets, particularly outside the United States. Without security updates, these routers remain permanently exploitable, and botnets such as Mirai and Moobot routinely scan for unpatched consumer routers and recruit them into large-scale distributed denial-of-service (DDoS) attacks.

Mitigation Strategies

For users who cannot immediately replace their DIR-846W, D-Link recommends running the latest available firmware, protecting the web admin portal with a strong password, and enabling WiFi encryption. Note that the latest firmware does not address any of the four flaws, since no patched build exists; these steps only raise the bar against opportunistic attacks, so the admin interface should additionally be kept unreachable from the WAN until the device is retired.

Source: bleepingcomputer.com