November 20, 2024 at 09:38AM D-Link advises owners of older VPN routers to replace their devices due to a serious remote code execution vulnerability. The company won’t issue patches for end-of-life products but offers a 20% discount on a new router. Users are encouraged to update passwords and enable Wi-Fi encryption. ### Meeting Takeaways 1. … Read more
November 19, 2024 at 01:03PM D-Link is advising customers to replace outdated VPN router models due to a serious, unpatched vulnerability that allows for unauthenticated remote code execution. This security flaw poses significant risks, and affected devices will not receive fixes. ### Meeting Takeaways: 1. **Security Alert from D-Link**: Customers are being advised about a … Read more
November 13, 2024 at 01:37PM A critical vulnerability (CVE-2024-10914) in D-Link end-of-life NAS devices allows unauthenticated command injection via malicious HTTP requests. D-Link has ceased support and advises customers to retire affected models. Despite warnings, attackers have begun exploiting this flaw, targeting over 41,000 exposed devices on the internet. ### Meeting Takeaways 1. **Critical Vulnerability … Read more
November 11, 2024 at 06:10AM D-Link has alerted users about a critical command injection vulnerability in several discontinued NAS models, leaving them exposed to remote attacks. This emphasizes the importance of maintaining security awareness for legacy devices. **Meeting Takeaways:** 1. **Vulnerability Alert**: D-Link has identified a critical-severity command injection vulnerability. 2. **Affected Products**: The issue … Read more
October 1, 2024 at 08:51AM CISA alerted organizations about exploited SAP Commerce, Gpac framework, and D-Link DIR-820 router vulnerabilities, which are years old. This warning highlights the ongoing risk posed by these vulnerabilities in the wild. (47 words) Based on the meeting notes, the key takeaway is that CISA has warned about the exploitation of … Read more
September 17, 2024 at 10:21AM D-Link announced patches for critical vulnerabilities in wireless routers, including stack-based buffer overflow flaws and hardcoded credentials that could lead to remote code execution. The issues impact COVR-X1870, DIR-X5460, and DIR-X4860 models, with fixes released on September 13. D-Link urges researchers not to disclose vulnerabilities before patches are available. Meeting … Read more
September 16, 2024 at 10:29AM D-Link has patched critical vulnerabilities in three popular wireless router models, impacting consumers seeking high-end WiFi 6 routers and mesh networking systems. The vulnerabilities allow remote attackers to execute arbitrary code or access devices using hardcoded credentials. D-Link advises firmware upgrades to fix flaws and criticizes the third-party for publicly … Read more
September 4, 2024 at 06:54AM D-Link warns of multiple critical and high-severity remote code execution (RCE) vulnerabilities affecting the discontinued DIR-846 router model. Four RCE flaws, including OS command injection issues, remain unpatched. The company advises retiring and replacing EOL/EOS devices, as it has ceased firmware development for discontinued products and is unable to resolve … Read more
September 3, 2024 at 11:48AM D-Link has issued a warning about four remote code execution (RCE) vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. They will not be patched as the products are no longer supported. Based on the meeting notes, the key takeaway is that D-Link has warned about four remote … Read more
May 17, 2024 at 09:57AM CISA added two D-Link product CVEs to its Known Exploited Vulnerabilities Catalog, urging federal agencies to address them promptly. The first CVE, CVE-2014-100005, affects decade-old security flaws in legacy D-Link routers. The second D-Link CVE added is CVE-2021-40655, an information disclosure bug in discontinued DIR-605 routers. CISA also included CVE-2024-4761, … Read more