I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending

December 5, 2024 at 11:53AM I-O Data confirmed critical vulnerabilities in its routers, allowing remote attackers to disable firewalls and execute commands. Full patches will take weeks. Three flaws—CVE-2024-45841, CVE-2024-47133, and CVE-2024-52564—pose risks of information disclosure and command execution. A partial fix is available, with complete solutions expected by December 2024.

D-Link won’t fix critical bug in 60,000 exposed EoL modems

November 12, 2024 at 03:34PM D-Link routers, specifically the DSL6740C model, face critical vulnerabilities that allow remote attackers to take control, including password changes. D-Link will not address these issues, urging users to replace end-of-life devices. Several other high-severity vulnerabilities have also been identified, affecting around 60,000 exposed modems, primarily in Taiwan.

Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite

October 25, 2024 at 10:33AM A vulnerability in the Wi-Fi Test Suite, tracked as CVE-2024-41992, allows unauthenticated local attackers to execute arbitrary code on Arcadyan FMIMG51AX000J routers. Discovered by researcher “fj016,” the flaw could grant full administrative access, jeopardizing network security. Vendors are advised to remove or update the Wi-Fi Test Suite to mitigate risks. …

700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking

October 2, 2024 at 05:38PM Multiple critical vulnerabilities in DrayTek routers, including one with a perfect 10 out of 10 CVSS severity rating, pose security risks for over 785,000 devices. Attackers could exploit these flaws to gain control, steal data, deploy ransomware, and launch denial-of-service attacks. It’s imperative for users to apply patches, employ best practices, and …

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

September 20, 2024 at 02:30PM A zero-click vulnerability in MediaTek Wi-Fi chipsets and driver bundles used in routers and smartphones, including those from Ubiquiti, Xiaomi, and Netgear, poses a critical risk, enabling remote code execution without user interaction. A public proof-of-concept exploit is available, so affected users should apply available MediaTek patches promptly. The vulnerability …

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

September 16, 2024 at 10:29AM D-Link has patched critical vulnerabilities in three popular wireless router models, impacting consumers seeking high-end WiFi 6 routers and mesh networking systems. The vulnerabilities allow remote attackers to execute arbitrary code or access devices using hardcoded credentials. D-Link advises firmware upgrades to fix flaws and criticizes the third party for publicly …

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

September 4, 2024 at 08:31AM Zyxel has released software updates to address a critical security flaw (CVE-2024-7261) affecting some access points and security routers, along with updates for seven other vulnerabilities. The flaws could result in unauthorized command execution, denial-of-service, or access to browser-based information. D-Link has announced that certain security vulnerabilities will not be …

D-Link says it is not fixing four RCE flaws in DIR-846W routers

September 3, 2024 at 11:48AM D-Link has issued a warning about four remote code execution (RCE) vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. They will not be patched as the products are no longer supported.

Netgear warns users to patch auth bypass, XSS router flaws

July 12, 2024 at 11:35AM Netgear urges customers to update their WiFi 6 routers to address security vulnerabilities. These include a stored cross-site scripting flaw affecting XR1000 Nighthawk gaming routers and an authentication bypass bug impacting CAX30 Nighthawk AX6 6-Stream cable modem routers. Netgear provides steps for firmware updates and warns users of potential consequences …

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

July 1, 2024 at 02:34PM Juniper Networks released an emergency patch for a critical authentication bypass vulnerability, tracked as CVE-2024-2973, affecting Session Smart Router, Conductor, and WAN Assurance Router. The flaw, found internally, has the highest CVSS score of 10. Immediate updates for affected devices are recommended to prevent exploitation. Automatic updates will not disrupt …