Articles Serious bugs fixed in D-Link routers

Serious bugs fixed in D-Link routers


This summer, Digital Defense specialists  discovered that a number of D-Link router models were vulnerable to command injection, including remote ones.

Initially, problems were found in DSR-250 routers with firmware version 3.17, but then it turned out that vulnerabilities also affect other manufacturer’s devices, namely D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers with firmware versions 3.17 and earlier.

The most serious of these bugs could have allowed an unauthenticated attacker to gain access to the Unified Services Router’s web interface (over a LAN or WAN) to inject arbitrary commands to be executed with root privileges. To exploit problems, an attacker only needs to send a specially crafted request to the device, which will lead to gaining full control over the device.

In essence, with these bugs, hackers could use the gained access to intercept traffic, modify it, or attack other connected devices.

The D-Link developers have already acknowledged the vulnerabilities and published some details , saying that the root of the most dangerous problems was that some LUA CGIs are available without authentication. Currently, patches have already been released for all affected router models: the latest firmware to fix the issue is 3.17B401C.

At the same time, there is no need to wait for patches for a smaller vulnerability, since in order to exploit it, the attacker first needs to gain access to the device and load the configuration file, the developers refused to recognize this as any serious problem.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you