U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

D-Link addressed three critical RCE in wireless router models

D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or gain hardcoded credentials. D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694, CVE-2024-45695, CVE-2024-45697, impacting three wireless router models. The flaws can allow attackers to remotely execute arbitrary code or access the devices using hardcoded credentials. […]

D-Link NAS

D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or gain hardcoded credentials.

D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694, CVE-2024-45695, CVE-2024-45697, impacting three wireless router models. The flaws can allow attackers to remotely execute arbitrary code or access the devices using hardcoded credentials.

The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698.

On June 8, 2021, the TWCERT reported the vulnerabilities in D-Link DIR-X5460 to the company.

“When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. The third-party publicly disclosed the problem before the patches were available on our standard 90-day security patch release schedule.” reads the advisory. “We do not recommend that security researchers act in this manner, as they expose end-users to further risks without patches being available from the manufacturer.”

Below are the descriptions of the issues addressed by D-Link:

CVE-2024-45694 (9.8 critical): The issue is a stack-based buffer overflow in the web service of certain models of D-Link wireless routers. Unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code on the device. The issue impacts:

  • DIR-X5460 A1 frimware version 1.01, 1.02, 1.04, 1.10
  • DIR-X4860 A1 firmware version 1.00, 1.04

CVE-2024-45695 (9.8 critical): The issue is a stack-based buffer overflow in the web service of certain models of D-Link wireless routers. Unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code on the device. The issue impacts:

CVE-2024-45697 (9.8 critical): Certain D-Link router models have a hidden feature that enables the telnet service when the WAN port is connected. This allows unauthorized remote attackers to log in and execute OS commands using hard-coded credentials. The issue impacts:

  • DIR-X4860 A1 firmware version 1.00, 1.04

CVE-2024-45696 (8.8 high): Certain D-Link router models have hidden functionality that allows attackers to enable the telnet service by sending specific packets to the web service. Once enabled, attackers can log in using hard-coded credentials, but the telnet access is limited to the local network. The issue impacts:

  • DIR-X4860 A1 firmware version 1.00, 1.04.
  • COVR-X1870 firmware version v1.02 and earlier.

CVE-2024-45698 (8.8 high): Certain D-Link router models have a vulnerability in the telnet service that allows unauthenticated remote attackers to log in using hard-coded credentials and execute arbitrary OS commands due to improper input validation. The issue impacts:

  • DIR-X4860 A1 firmware version 1.00, 1.04

The company addressed the vulnerabilities in the security bulletin in the versions v1.03B01 for COVR-X1870, v1.04B05 for DIR-X4860, and DIR-X5460A1_V1.11B04 for DIR-X5460.

The Taiwanese manufacturer did not reveal if one of the issues in the security bulletin has been actively exploited in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)