Announcements > Security Advisories

Remote code execution - Information disclosure - DNS hijacking

(1/1)

GreenBay42:
D-Link was presented with a report of three potential vulnerabilities in DIR-820L by a third-party who conducted security penetration tests. As part of D-Link’s continuing efforts of resolving security issues, D-Link expanded its investigation to other routers.  First vulnerability reportedly relates to a malicious user who might be  be connected to the LAN-side of the device to use the devices upload utility to load malicious code without authentication.  A second vulnerability reportedly relates to the device’s ping utility that  might permit command injection without authentication.  A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the devices configuration

Affected products:
[*]DIR-626L
[*]DIR-636L
[*]DIR-651
[*]DIR-808L
[*]DIR-810L
[*]DIR-820L
[*]DIR-826L
[*]DIR-830L
[*]DIR-836L
[/list]

For more information and firmware --> https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10087

Navigation

[0] Message Index