D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

September 16, 2024 at 10:29AM

D-Link has patched critical vulnerabilities in three popular wireless router models, affecting consumers who use its high-end WiFi 6 routers and mesh networking systems. The vulnerabilities allow remote attackers to execute arbitrary code or access devices using hardcoded credentials. D-Link advises firmware upgrades to fix the flaws and criticizes the third party for publicly disclosing the issues before patches were available. BleepingComputer has asked D-Link for further details. Although there is no known exploitation, installing the security updates is crucial because D-Link devices are commonly targeted by malware botnets.

Key takeaways:

1. D-Link has fixed critical vulnerabilities in three popular wireless router models in the consumer networking market, including high-end WiFi 6 routers (DIR-X) and mesh networking systems (COVR).
2. The bulletin lists five vulnerabilities, three of which are rated critical, in the firmware versions of COVR-X1870, DIR-X4860, and DIR-X5460.
3. The five flaws are associated with stack-based buffer overflow, enabling telnet service using hard-coded credentials, and improper input validation.
4. To fix the flaws, D-Link recommends customers upgrade to specific firmware versions for each impacted model.
5. D-Link learned of the flaws from the country’s CERT (TWCERT) on June 24 but was not given the standard 90-day period to fix the flaws before they were disclosed.
6. BleepingComputer has contacted D-Link to learn more about the vulnerabilities. D-Link has not reported any in-the-wild exploitation of the flaws, but installing the security updates is crucial because malware botnets commonly target D-Link devices.
