Detect dangerous security holes affecting many D-Link routers
Security researchers Miguel Méndez Zúñiga and Pablo Pollanco of Telefónica Chile have just published Proof-of-Concept (PoC) that allows hackers to execute remote commands and exploit vulnerabilities that leak information related to Many D-Link routers are being used worldwide.
The findings of two Chilean security experts were published on the Medium forum, including technical details of the related vulnerabilities along with two videos describing the entire PoC process to exploit the vulnerabilities. this security.
In the above two holes, most notably the remote command execution flaw, tracked with the identifier CVE-2019-17621, resides in the code system used to manage UPnP requests. This vulnerability could be exploited by an unauthentic attacker for the purpose of controlling D-Link router devices, thereby stealing data. However, CVE-2019-17621 can only be exploited by attackers who have access to the same local network segment of the target router.
In other words, to exploit this security flaw, an attacker would have to gain access to the LAN or direct access to the target device, resulting in a significantly reduced attack risk. However, this is still a dangerous flaw.
D-Link was notified by a third-party company about CVE-2019-17621 in mid-October, but the initial security advisor determined that the DIR-859 router series was vulnerable. Actual tests later revealed that dozens of D-Link DIR models were on the list of vulnerable devices.
The remaining flaw - CVE-2019-20213 - could reveal sensitive information to an attacker if it is successfully exploited, including the device's VPN configuration file, and many other sensitive information.
D-Link has now released firmware updates to address these two vulnerabilities with a number of affected devices, and pledged to release fixes for the remaining devices soon. If you are using a D-Link router, keep an eye out for updates as soon as new firmware arrives.
You should read it
- How to secure the D-Link wireless router
- Learn about 5G NR router and D-Link's WiFi Exo router
- Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
- Review D-Link DIR-822: Cheap WiFi Router for Home
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G router
- 10 best VPN routers 2020
- How to change DNS server on the most popular routers
- Vulnerability detection on TP-Link routers allows an attacker to log in without a password
- How to Configure TP Link Router
- Review of TP-LINK Archer C5 router
- 2 ways to set up TP-Link WiFi 6 . router
- 6 steps to block, block website with TP-Link router
Maybe you are interested
Warning: If you own an old D-Link VPN router, throw it away!
D-Link WiFi Extender contains vulnerabilities that are vulnerable to malicious attacks
Review D-Link DIR-822: Cheap WiFi Router for Home
Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
How to connect the DSL modem to the D-Link router
How to secure the D-Link wireless router