Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Detect dangerous security holes affecting many D-Link routers
Security researchers Miguel Méndez Zúñiga and Pablo Pollanco of Telefónica Chile have just published Proof-of-Concept (PoC) that allows hackers to execute remote commands and exploit vulnerabilities that leak information related to Many D-Link routers are being used worldwide.
The findings of two Chilean security experts were published on the Medium forum, including technical details of the related vulnerabilities along with two videos describing the entire PoC process to exploit the vulnerabilities. this security.
Detect dangerous security holes affecting many D-Link routers Picture 1
In the above two holes, most notably the remote command execution flaw, tracked with the identifier CVE-2019-17621, resides in the code system used to manage UPnP requests. This vulnerability could be exploited by an unauthentic attacker for the purpose of controlling D-Link router devices, thereby stealing data. However, CVE-2019-17621 can only be exploited by attackers who have access to the same local network segment of the target router.
In other words, to exploit this security flaw, an attacker would have to gain access to the LAN or direct access to the target device, resulting in a significantly reduced attack risk. However, this is still a dangerous flaw.
D-Link was notified by a third-party company about CVE-2019-17621 in mid-October, but the initial security advisor determined that the DIR-859 router series was vulnerable. Actual tests later revealed that dozens of D-Link DIR models were on the list of vulnerable devices.
The remaining flaw - CVE-2019-20213 - could reveal sensitive information to an attacker if it is successfully exploited, including the device's VPN configuration file, and many other sensitive information.
D-Link has now released firmware updates to address these two vulnerabilities with a number of affected devices, and pledged to release fixes for the remaining devices soon. If you are using a D-Link router, keep an eye out for updates as soon as new firmware arrives.
Micah SotoYou should read it
- How to secure the D-Link wireless router
- Learn about 5G NR router and D-Link's WiFi Exo router
- Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
- Review D-Link DIR-822: Cheap WiFi Router for Home
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G router
- 10 best VPN routers 2020
- How to change DNS server on the most popular routers
- Vulnerability detection on TP-Link routers allows an attacker to log in without a password
- How to Configure TP Link Router
- Review of TP-LINK Archer C5 router
- 2 ways to set up TP-Link WiFi 6 . router
- 6 steps to block, block website with TP-Link router
May be interested
IoT smart watches can put children in danger
Microsoft successfully rescued 50 domain names from the notorious hacker group
Check out some of the serious security holes that need to be fixed in the first days of 2020
'Red alert' after the hack targeted Twitter, Facebook removed the feature matching contacts with phone numbers in Messenger
Smishing, public WiFi, deepfake ... but every security threat will explode in 2020
Take a look at the most significant threats from the security world in 2019
Attack the network
Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
Critical RCE vulnerability affects 29 DrayTek router models
Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
The United States 'bans' TP-Link routers
Detect 2 serious security holes in the Zoom application- Three critical holes in Linksys routers, hackers can take advantage of hijacking
Detect 2 serious security holes in the Zoom application
Three critical holes in Linksys routers, hackers can take advantage of hijacking