A critical vulnerability in several D-Link wireless router models allows unauthenticated attackers to gain administrative access. Tracked as CVE-2024-6045, the vulnerability has a high-severity CVSS score of 8.8.
All about the vulnerability in D-Link Routers
According to the TWCERT blog, the vulnerability arises from an undisclosed factory testing backdoor in specific D-Link router models. Attackers on the local network can enable the Telnet service by accessing a specific URL. Additionally, by analyzing the firmware, attackers can obtain administrator credentials, giving them full control over the compromised router.
Impacted Router Models
The following D-Link router models are affected by this vulnerability:
E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18, R32.
Users of these router models are strongly advised to update their firmware to the latest version to mitigate the risk of exploitation. D-Link has released firmware updates to address this critical vulnerability. Here are the guidelines for updating router firmware:
- Models G403, G415, G416, M18, R03, R04, R12, R18: Update to firmware version 1.10.01 or later.
- Models E30, M30, M32, M60, R32: Update to firmware version 1.10.02 or later.
- Models E15, R15: Update to firmware version 1.20.01 or later.
Users are urged to promptly apply these firmware updates to safeguard their routers from potential attacks.
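For anyone managing more than one of these routers, the guidance above can be applied to an inventory list. The script below is an added example, not code from D-Link or TWCERT. It assumes firmware versions are dotted numeric strings and that anything below the listed version is unpatched; the hostnames and the OTHER-01 model are constructed. M15 appears in the affected list but not in the update guidance, so it is flagged for a check against the vendor advisory.

```python
import re

# Affected models and minimum fixed firmware, as listed in this article.
AFFECTED = set("E15 E30 G403 G415 G416 M15 M18 M30 M32 M60 "
               "R03 R04 R12 R15 R18 R32".split())
FIXED = {}
for models, version in (
    ("G403 G415 G416 M18 R03 R04 R12 R18", "1.10.01"),
    ("E30 M30 M32 M60 R32", "1.10.02"),
    ("E15 R15", "1.20.01"),
):
    FIXED.update(dict.fromkeys(models.split(), version))

def parse_version(text):
    """Turn '1.10.01' (optional 'v' prefix) into (1, 10, 1) for comparison."""
    match = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def assess(model, firmware):
    """Classify one device against the article's lists."""
    model = model.strip().upper()
    if model not in AFFECTED:
        return "not-listed"
    if model not in FIXED:
        return "check-vendor"      # listed as affected, no fixed version given
    try:
        installed = parse_version(firmware)
    except ValueError:
        return "unknown-version"   # needs manual review
    return "patched" if installed >= parse_version(FIXED[model]) else "vulnerable"

# Constructed inventory rows (hostname, model, firmware); not real devices.
SAMPLE_INVENTORY = [
    ("lobby-ap", "R15", "1.10.01"),
    ("branch-gw", "m30", "v1.10.02"),
    ("lab-mesh", "M18", "1.9.12"),
    ("warehouse", "G416", "beta"),
    ("attic", "M15", "1.10.01"),
    ("core-sw", "OTHER-01", "1.30"),
]

def audit(inventory):
    return {host: assess(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 1.9.12 above 1.10.01, and the same 1.10.01 build that is fixed on an R18 is still below the fixed version for an R15.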
Security researcher Raymond discovered and reported the vulnerability.
D-Link has acknowledged the issue and issued firmware updates to resolve the vulnerability.
As always, it is advisable to regularly check for and apply firmware updates to maintain the security of your network devices.
Stay vigilant and protect your routers from potential threats.