D-Link was presented with a report of three potential vulnerabilities in DIR-820L by a third-party who conducted security penetration tests. As part of D-Link’s continuing efforts of resolving security issues, D-Link expanded its investigation to other routers. First vulnerability reportedly relates to a malicious user who might be be connected to the LAN-side of the device to use the devices upload utility to load malicious code without authentication. A second vulnerability reportedly relates to the device’s ping utility that might permit command injection without authentication. A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the devices configuration
Affected products:
- DIR-626L
- DIR-636L
- DIR-651
- DIR-808L
- DIR-810L
- DIR-820L
- DIR-826L
- DIR-830L
- DIR-836L
For more information and firmware -->
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10087