Tuesday, November 12, 2024
HomeCVE/vulnerabilityCritical Vulnerabilities Impact Million of D-Link Routers, Patch Now!

Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!

Published on

Malware protection

Millions of D-Link routers are at risk due to several critical vulnerabilities. Security researcher Raymond identified these vulnerabilities, which have been assigned multiple CVE IDs and pose severe threats to users worldwide.

D-Link has issued urgent firmware updates to mitigate these risks. Users are strongly advised to update their devices immediately to protect against potential exploits.

CVE-2024-45694: Stack-based Buffer Overflow

The first vulnerability, CVE-2024-45694, affects the DIR-X5460 A1 and DIR-X4860 A1 models of D-Link routers. In their web service, this flaw is classified as a stack-based buffer overflow vulnerability. With a CVSS score of 9.8, it is deemed critical.

- Advertisement - SIEM as a Service

Impact

Unauthenticated, remote attackers can exploit this vulnerability to execute arbitrary code on the affected devices. This could allow attackers to control the router, leading to unauthorized access to the network and sensitive data.

Solution

D-Link has released firmware updates to address this vulnerability. Users should update the DIR-X5460 A1 to version 1.11B04 or later and the DIR-X4860 A1 to version 1.04B05 or later.

CVE-2024-45698: OS Command Injection

The second critical vulnerability, CVE-2024-45698, involves OS command injection through improper input validation in the DIR-X4860 A1 model’s telnet service. This flaw has a CVSS score of 8.8.

Impact

Attackers can use hard-coded credentials to log into the telnet service and inject arbitrary OS commands. This exploit allows attackers to execute commands on the device remotely, potentially compromising network security and data integrity.

Solution

To mitigate this risk, users should update the DIR-X4860 A1 firmware to version 1.04B05 or later.

CVE-2024-45697: Hidden Functionality

CVE-2024-45697 reveals hidden functionality in certain D-Link routers where the telnet service is enabled when the WAN port is plugged in. This vulnerability affects the DIR-X4860 A1 model and is rated with a critical CVSS score of 9.8.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

Impact

Unauthorized remote attackers can exploit this hidden functionality using hard-coded credentials to execute OS commands on the device, posing significant security threats.

Solution

Users are advised to update their DIR-X4860 A1 firmware to version 1.04B05 or later to disable this hidden functionality.

CVE-2024-45695: Another Stack-based Buffer Overflow

A similar stack-based buffer overflow vulnerability, CVE-2024-45695, affects the DIR-X4860 A1 model with a critical CVSS score of 9.8.

Impact

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on the affected routers, potentially allowing unauthorized access to and control over network resources.

Solution

Updating the firmware of DIR-X4860 A1 to version 1.04B05 or later is crucial for mitigating this threat.

CVE-2024-45696: Hidden Functionality in Multiple Models

CVE-2024-45696 exposes hidden functionality in both the DIR-X4860 A1 and COVR-X1870 models. This vulnerability has a high CVSS score of 8.8.

Impact

Attackers can enable telnet services by sending specific packets to the web service and then logging in using hard-coded credentials. This access is limited to local network environments but still poses significant risks.

Solution

Users should update their DIR-X4860 A1 firmware to version 1.04B05 or later and COVR-X1870 firmware to v1.03B01 or later.

These vulnerabilities highlight the importance of maintaining updated firmware on networking devices like routers.

The potential for unauthorized access and control underscores a pressing need for vigilance among users and IT administrators alike, as a report by Twcert. 

D-Link has responded promptly with necessary patches, but users must ensure their devices are secured by applying these updates immediately. Failure to do so could result in severe security breaches affecting personal and organizational networks. 

Stay informed and proactive in safeguarding your digital environment by regularly checking for updates and following best practices in cybersecurity hygiene.

Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...