D-Link Won’t Fix 4 RCE Vulnerabilities in DIR-846W Router

Four severe security flaws have been found in the D-Link DIR-846W router, leaving users potentially exposed to remote attacks even after the device has reached its end-of-life.

Security researchers have identified four critical vulnerabilities, each carrying a CVSS score of 8.8 or higher, in the firmware version A1 FW100A43 of the D-Link DIR-846W router. These vulnerabilities enable attackers to execute malicious code remotely, potentially gaining complete control of the affected device.

The four newly disclosed vulnerabilities, all of which allow remote command execution (RCE), have been assigned the following CVEs:

1. CVE-2024-41622 (CVSS 8.8): This vulnerability is found in the tomography_ping_address parameter within the /HNAP1/ interface. Exploitation allows attackers to remotely execute arbitrary commands on the affected device.
2. CVE-2024-44340 (CVSS 8.8): Another RCE flaw, this one resides in the SetSmartQoSSettings feature, specifically targeting the smartqos_express_devices and smartqos_normal_devices parameters. Notably, this attack requires authentication, but once inside, an attacker can execute commands remotely.
3. CVE-2024-44341 (CVSS 9.8): The most critical of the group, this vulnerability involves the lan(0)_dhcps_staticlist parameter. By sending a crafted POST request, an attacker can remotely execute commands on the router without any prior authentication, making it particularly dangerous.
4. CVE-2024-44342 (CVSS 9.8): Similar in impact to the previous flaw, this RCE vulnerability is found in the wl(0).(0)_ssid parameter, allowing for remote command execution via crafted POST requests.

The D-Link DIR-846W routers affected by these vulnerabilities are no longer supported, having reached their end-of-life status. This means that while D-Link has acknowledged the flaws through a security advisory, they will not be providing patches to fix these issues. The combination of high CVSS scores and the router’s continued presence in many homes and small businesses make this a serious concern.

Exploitation of these vulnerabilities could allow attackers to:

• Take full control of the router.
• Steal sensitive information passing through the network, such as login credentials or financial data.
• Use the compromised router as a launchpad for attacks on other devices within the network.
• Disrupt internet connectivity or redirect traffic to malicious websites.

Given the severity of these vulnerabilities and the lack of forthcoming patches, D-Link strongly recommends that users of the DIR-846W router switch to a supported device immediately. Continuing to use an unsupported, vulnerable device leaves your network and connected devices exposed to significant security risks.

For users looking to upgrade, D-Link advises selecting a modern router that receives regular firmware updates and has a strong security track record. Additionally, users should always ensure that their routers are running the latest firmware to mitigate potential vulnerabilities.

Related Posts:

• APT organization steals D-Link company digital certificate to sign its malware
• Hackers Actively Exploiting Critical D-Link NAS Vulnerability: 90,000+ Devices at Risk
• D-Link router and modem vulnerabilities are being exploited by Satori IoT botnet
• CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices
• Hackers use Cisco Router flaws to attack Iran, 3,500 routers hacked