Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

D-Link home routers affected by remote command injection flaw

D-Link routers contain a vulnerability that could be exploited by attackers to get root access remotely and run several attacks. Once again security experts have found security vulnerabilities in home routers, these devices are a privileged target of cyber criminals that exploit the flaws in the software they run for several purposes. This time the flawed routers […]

D-Link home routers affected by remote command injection flaw

D-Link routers contain a vulnerability that could be exploited by attackers to get root access remotely and run several attacks.

Once again security experts have found security vulnerabilities in home routers, these devices are a privileged target of cyber criminals that exploit the flaws in the software they run for several purposes. This time the flawed routers are manufactured by D-Link and contain a security vulnerability that expose them to remote attacks.

The attackers can get root access to the D-Link router by exploiting the flaw, this allows them to change setting to run various attacks like traffic redirection through DNS hijacking. Exactly one month ago,  a similar flaw was discovered by the Bulgarian security expert Todor Donev, member of the Ethical Hacker research team in other devices. The expert discovered a critical vulnerability the ZynOS firmware, which is used by D-Link and many other devices from other vendors, including TP-Link and ZTE.

This new vulnerability affecting a number of D-Link home routers was discovered by the security researcher Peter Adkins which reported it to the vendor in January without success.

“Due to the nature of the the ping.ccp vulnerability, an attacker can gain root access, hijack DNS settings or execute arbitrary commands on these devices with the user simply visiting a webpage with a malicious HTTP form embedded (via CSRF),” Adkins said in a description of the issue on GitHub

d-link router 3

According to the advisory published on the SecLists.org, the vulnerability was discovered also by the researcher Tiago Caetano Henriques of Swisscom in November, also in this case the researcher reported it to D-Link company..

“The D-Link DIR636L (possibly others) incorrectly filters input on the ‘ping’ tool which allows to inject arbitrary commands into the router. Secondly, authentication is not being performed correctly. This enables a remote attacker to gain full control of the router, for example to attack other networks in a DDoS style attack, or even expose computers behind these devices to the internet as you are able to change firewall/nat rules on this router,” states the description of the flaw from Swisscom.

Adkins explained that other versions of D-Link routers and one router from TRENDnet are affected by the same vulnerability. The flawed version of D-Link routers are:

  • D-Link DIR-820L (Rev A) – v1.02B10
  • D-Link DIR-820L (Rev A) – v1.05B03
  • D-Link DIR-820L (Rev B) – v2.01b02
  • TRENDnet TEW-731BR (Rev 2) – v2.01b01

There are no patches available for the vulnerability right now. A

Pierluigi Paganini

(Security Affairs –  D-Link home routers, hacking)