D-Link has released critical security updates for several of its popular wireless router models, addressing multiple vulnerabilities that could allow attackers to gain control of affected devices. These vulnerabilities, discovered and publicly disclosed by Taiwan's Computer Emergency Response Team (TWCERT), affect the DIR-X5460, DIR-X4860, and COVR-X1870 routers. Users of these devices are strongly urged to update their firmware to the latest versions to protect against these exploits.
The vulnerabilities involve flaws in firmware versions v1.11B01_Hot-Fix and below for DIR-X5460, v1.04B04_Hot-Fix and below for DIR-X4860, and v1.02 and below for the COVR-X1870. TWCERT disclosed these issues before D-Link could release patches, creating a potential window of risk for users. Despite this, D-Link swiftly investigated the problems and developed fixes, which were released on September 13, 2024.
The flaws are summarized below:
- CVE-2024-45694 (CVSS: 9.8, Critical) – A stack-based buffer overflow vulnerability in the web service of certain D-Link routers allows unauthenticated remote attackers to execute arbitrary code on the device. This flaw, which can be exploited without user interaction, poses a high risk as attackers could fully compromise affected devices.
- CVE-2024-45695 (CVSS: 9.8, Critical) – Similar to CVE-2024-45694, this vulnerability also allows remote attackers to exploit a stack-based buffer overflow in the web service, potentially leading to device takeover and unauthorized code execution.
- CVE-2024-45696 (CVSS: 8.8, High) – In this case, attackers can enable the router's telnet service by sending specific packets, allowing them to log in using hard-coded credentials. This exploit requires access to the local network, but it could lead to unauthorized control over the device.
- CVE-2024-45697 (CVSS: 9.8, Critical) – This vulnerability stems from hidden functionality in certain routers, where the telnet service is automatically enabled when the WAN port is plugged in. Attackers can then log in remotely using hard-coded credentials, posing a serious security risk.
- CVE-2024-45698 (CVSS: 8.8, High) – Certain D-Link routers fail to properly validate user input in the telnet service, allowing remote attackers to use hard-coded credentials to log in and execute arbitrary system commands.
D-Link acted swiftly upon learning of the vulnerabilities, developing and releasing patches despite the premature public disclosure by TWCERT. To mitigate risks, D-Link urges all affected users to install the latest firmware updates for their devices. COVR-X1870 users should upgrade to v1.03B01, DIR-X4860 to v1.04B05, and DIR-X5460 to DIR-X5460A1_V1.11B04.
Leaving devices unpatched could expose them to severe risks, including unauthorized remote access and full system compromise. Some D-Link routers, however, won't be receiving patches for similar vulnerabilities due to their End of Life status. You can read more about those models and risks here.
Regularly checking for firmware updates, using a strong administrator password, and disabling remote admin panel access if not needed are crucial in maintaining a secure network environment.
New AutoIt Malware Forces Users to Surrender Credentials in Kiosk Mode
Leave a Reply