Multiple Critical Vulnerabilities Found in D-Link WiFi Routers: Immediate Firmware Updates Advised

Multiple critical vulnerabilities in D-Link routers have been disclosed, potentially affecting millions of users worldwide. TWCERT/CC, Taiwan’s cybersecurity agency, has issued urgent advisories, urging users to update their firmware immediately to avoid remote takeover of their devices.

The Vulnerabilities

CVE-2024-45694 (CVSS 9.8) – Stack-based Buffer Overflow

A critical stack-based buffer overflow vulnerability has been identified in the web service of several D-Link router models. This flaw allows unauthenticated remote attackers to execute arbitrary code on the device. The vulnerability affects:

• DIR-X5460 A1 (firmware versions 1.01, 1.02, 1.04, 1.10)
• DIR-X4860 A1 (firmware versions 1.00, 1.04)

Attackers leveraging this vulnerability could potentially take full control of the router, injecting malicious code that may compromise the security and privacy of connected users. To mitigate this, D-Link has released firmware updates:

• DIR-X5460 A1: Update to version 1.11B04 or later
• DIR-X4860 A1: Update to version 1.04B05 or later

CVE-2024-45698 (CVSS 8.8) – OS Command Injection

Another major flaw involves OS Command Injection via improper validation of user input in the telnet service. By exploiting hard-coded credentials, attackers can remotely log into the router via telnet and inject OS commands. This issue affects:

• DIR-X4860 A1 (firmware versions 1.00, 1.04)

This vulnerability provides attackers with an open gateway to execute arbitrary commands on the device, leading to severe consequences such as data exfiltration or denial of service (DoS). Firmware updates are crucial for securing affected routers:

• DIR-X4860 A1: Update to version 1.04B05 or later

CVE-2024-45697 (CVSS 9.8) – Hidden Functionality

A particularly alarming issue involves hidden functionality in certain D-Link router models, where the telnet service is automatically enabled when the WAN port is connected. Using hard-coded credentials, remote attackers can gain access to the router and execute OS commands. Affected models include:

• DIR-X4860 A1 (firmware versions 1.00, 1.04)

To address this security risk, D-Link has provided the following update:

• DIR-X4860 A1: Update to version 1.04B05 or later

CVE-2024-45695 (CVSS 9.8) – Stack-based Buffer Overflow (DIR-X4860 A1)

This vulnerability mirrors CVE-2024-45694 but is specific to the DIR-X4860 A1 model. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code on the device, potentially causing widespread damage. Users of the DIR-X4860 A1 model should apply the necessary firmware update:

• DIR-X4860 A1: Update to version 1.04B05 or later

CVE-2024-45696 (CVSS 8.8) – Hidden Functionality with Internal Access

Certain D-Link routers contain hidden functionality that allows attackers to enable the telnet service via specific network packets. While this vulnerability is limited to local network access, it poses a significant risk if exploited by attackers within the same network as the device. Affected products include:

• DIR-X4860 A1 (firmware versions 1.00, 1.04)
• COVR-X1870 (firmware versions v1.02 and earlier)

To mitigate this risk, D-Link has issued firmware updates:

• DIR-X4860 A1: Update to version 1.04B05 or later
• COVR-X1870: Update to version v1.03B01 or later

Recommendations

Given the critical nature of these vulnerabilities, users of the affected D-Link models should take immediate action by updating to the latest firmware versions. Failure to apply these updates leaves devices vulnerable to remote code execution, command injection, and unauthorized access, which could result in data loss, device hijacking, and other malicious activities.

The firmware updates can be downloaded from D-Link’s official support page. Additionally, users are encouraged to regularly check for future firmware updates, disable unused services, and ensure that their router settings adhere to security best practices.

Related Posts:

• APT organization steals D-Link company digital certificate to sign its malware
• Hackers Actively Exploiting Critical D-Link NAS Vulnerability: 90,000+ Devices at Risk
• D-Link router and modem vulnerabilities are being exploited by Satori IoT botnet
• CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices
• D-Link Won’t Fix 4 RCE Vulnerabilities in DIR-846W Router