Articles D-Link removed hardcoded credentials from its router

D-Link removed hardcoded credentials from its router


D-Link developers have eliminated several vulnerabilities by releasing new firmware for the DIR-3040 AC3000 router. Thanks to these bugs, attackers could execute arbitrary code, gain access to confidential information, or disable a device through a denial of service.

The vulnerabilities were discovered by Cisco Talos experts, and among them are hard-coded credentials, command injection issues and information disclosure:

  • CVE-2021-21816: Syslog Disclosure
  • CVE-2021-21817: Zebra IP Routing Manager Information Disclosure
  • CVE-2021-21818: Zebra IP Routing Manager hardcoded password
  • CVE-2021-21819: Libcli Command Injection
  • CVE-2021-21820: Hardcoded password in Libcli Test Environment.

Vulnerabilities CVE-2021-21818 and CVE-2021-21820 are hard-coded credentials found in Zebra IP Routing Manager and Libcli Test Environment. Both issues allow you to bypass the authentication process (through specially crafted network requests). This will ultimately lead to either a denial of service or arbitrary code execution on the target router.

Another critical vulnerability, CVE-2021-21819 , is related to command injection and was found as part of the Libcli Test Environment. This problem can also be used to execute arbitrary code. In addition, the issue allows the hidden telnet service to start without authentication by simply visiting https: /// start_telnet and log in to the Libcli Test Environment using the default password stored on the router unencrypted.

On July 15, 2021, the D-Link developers fixed these problems by releasing a hotfix for firmware 1.13B03 and below.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you