D-Link Forums
Announcements => Security Advisories => Topic started by: GreenBay42 on April 19, 2018, 09:42:04 AM
-
Read info at https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html (https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html)
Note this only affects the DIR-868L with firmware v1.09SHC (Singapore StarHub users)
The CGIBIN’s URI /authentication.cgi that handles authentication didn’t sanitize the input properly. As a result, a maliciously crafted HTTP request can cause a buffer overflow and lead to remote code execution.
Affected models: DIR868L
Affected firmware: v1.09SHC
Fixed firmware: v1.21SHCb03
Due to the severity and ease of exploitation of this vulnerability, FortiGuard Labs has followed a responsible disclosure protocol, which includes only releasing a partial disclosure as a warning for our customers, but which does not include code samples or a detailed description of the exploit.
We have recently observed that more than one hundred devices reachable via the internet are still using the old firmware, and are affected by this vulnerability. If you own any of the affected models, please go to http://www.dlink.com.sg/dir-868l/#firmware (http://www.dlink.com.sg/dir-868l/#firmware) to update your device to the latest version as soon as possible.