A serious security flaw that could allow attackers to gain remote control over affected devices has been uncovered in numerous D-Link router models. The vulnerability, assigned CVE-2019-17621, is a remote command execution flaw stemming from improper handling of UPnP requests.

First discovered by researchers at Telefónica Chile, the vulnerability makes it possible for an unauthenticated attacker to execute arbitrary commands on affected D-Link routers if they can access the local network that the router is connected to. While restricting the attack vector to the local network narrows the risk, it still represents a significant threat.

By exploiting this flaw, malicious actors could fully compromise vulnerable D-Link routers. They could steal sensitive data, install malware, recruit the devices into botnets for launching larger-scale attacks, and carry out other nefarious actions. Over a dozen router models are known to be impacted, including some that are no longer supported by D-Link.

Additionally, the researchers found an information disclosure vulnerability that allows retrieving the VPN configuration file from affected routers. This file may contain credentials and other sensitive information that could aid attackers.

D-Link has released firmware updates to address the vulnerabilities for some models, with more updates expected soon. However, several end-of-life products will not receive patches, and users are advised to replace those routers.

To protect themselves, D-Link router owners should promptly apply the latest firmware updates from the manufacturer as they become available. Those with unsupported models should replace the routers entirely. Enabling automatic updates can also help ensure devices remain protected going forward.

Restricting access to the local network, using strong passwords, and disabling remote administration can further mitigate the risk. However, the most effective solution is to update or replace vulnerable routers without delay.

Manufacturers like D-Link have a responsibility to provide proper security support throughout a product’s lifecycle. Customers should also remain vigilant about potential threats and follow security best practices to reduce exposure to attacks exploiting vulnerabilities.
