Critical Vulnerabilities Impact Millions of D-Link Routers — Patch Now!

Home/Arbitrary Code Execution, Security Advisory, Security Update, vulnerability/Critical Vulnerabilities Impact Millions of D-Link Routers — Patch Now!

Critical Vulnerabilities Impact Millions of D-Link Routers — Patch Now!

Millions of D-Link routers are vulnerable to critical security flaws. Urgent firmware updates have been released, and users are advised to patch their devices immediately to prevent exploitation.

CVE-2024-45694-Stack-based Buffer Overflow

CVE-2024-45694 is a critical stack-based buffer overflow in D-Link DIR-X5460 A1 and DIR-X4860 A1 routers, with a CVSS score of 9.8.

Remote attackers can exploit this vulnerability to run arbitrary code, potentially taking control of the router and accessing sensitive data.

Update DIR-X5460 A1 to firmware version 1.11B04 or later and DIR-X4860 A1 to version 1.04B05 or later.

CVE-2024-45698: OS Command Injection

CVE-2024-45698 affects the DIR-X4860 A1 model, allowing OS command injection through improper input validation in the telnet service, with a CVSS score of 8.8.

Attackers can use hard-coded credentials to inject and execute arbitrary commands on the device, risking network and data security.

Update DIR-X4860 A1 firmware to version 1.04B05 or later.

CVE-2024-45697: Hidden Functionality

CVE-2024-45697 affects the DIR-X4860 A1 model, where hidden telnet functionality activates when the WAN port is connected, with a critical CVSS score of 9.8.

Unauthorized remote attackers can exploit this hidden telnet service using hard-coded credentials to execute OS commands, which poses significant security risks.

Update DIR-X4860 A1 firmware to version 1.04B05 or later to disable this hidden functionality.

CVE-2024-45695: Another Stack-based Buffer Overflow

A stack-based buffer overflow vulnerability in the DIR-X4860 A1 model, with a critical CVSS score of 9.8.

Unauthenticated remote attackers can execute arbitrary code, risking unauthorized access and control over network resources.

Update DIR-X4860 A1 firmware to version 1.04B05 or later to mitigate this threat.

CVE-2024-45696: Hidden Functionality in Multiple Models

This vulnerability affects the DIR-X4860 A1 and COVR-X1870 models, with a high CVSS score of 8.8.

Attackers can enable telnet services by sending specific packets and then log in with hard-coded credentials. While access is limited to the local network, it still poses significant risks.

Update DIR-X4860 A1 firmware to version 1.04B05 or later and COVR-X1870 firmware to v1.03B01 or later.

Maintaining updated firmware is crucial to prevent unauthorized access and control.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2024-09-26T19:41:47+05:30 September 16th, 2024|Arbitrary Code Execution, Security Advisory, Security Update, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!