July 1, 2024 at 08:21AM
Attackers are targeting a critical vulnerability (CVE-2024-0769) in discontinued D-Link DIR-859 WiFi routers, enabling remote exploitation without authentication and leaking sensitive information. A published exploit has already been observed in the wild, and mass exploitation is anticipated. D-Link urges owners to replace these devices, as they are no longer receiving fixes.
Based on the report, some key takeaways are:
1. Attackers are exploiting a critical-severity vulnerability (CVE-2024-0769) impacting D-Link DIR-859 WiFi routers, which were discontinued four years ago.
2. The vulnerability is described as a path traversal flaw in the HTTP POST request handler component of the affected routers, allowing unauthenticated remote attackers to leak sensitive information.
3. Proof-of-concept (PoC) code targeting the vulnerability was published in January 2024, leading to the first in-the-wild attempt to exploit the security defect using a variation of the publicly available exploit.
4. The in-the-wild exploit targets a different file from the PoC, disclosing the sensitive information associated with every user account on the device and posing a significant risk to users.
5. Owners of D-Link DIR-859 routers are advised to replace them with newer, supported products, as the discontinued devices are no longer receiving fixes and will not be patched for the vulnerability.
6. GreyNoise anticipates the possibility of mass exploitation of the vulnerability, given its impact on all D-Link DIR-859 revisions and firmware versions.
7. The information disclosed from the device will remain valuable to attackers for the lifetime of the device as long as it stays internet-facing, posing a long-term security risk.
8. Additionally, the report provides related information on other recent vulnerabilities and exploited flaws in various systems and devices.
These takeaways highlight the urgency for affected users to address the security risk posed by the D-Link DIR-859 vulnerability, and to stay aware of potential mass exploitation and related security advisories.