Announcements > Security Advisories
Remote code execution - Information disclosure - DNS hijacking
(1/1)
GreenBay42:
D-Link was presented with a report of three potential vulnerabilities in DIR-820L by a third-party who conducted security penetration tests. As part of D-Link’s continuing efforts of resolving security issues, D-Link expanded its investigation to other routers. First vulnerability reportedly relates to a malicious user who might be be connected to the LAN-side of the device to use the devices upload utility to load malicious code without authentication. A second vulnerability reportedly relates to the device’s ping utility that might permit command injection without authentication. A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the devices configuration
Affected products:
[*]DIR-626L
[*]DIR-636L
[*]DIR-651
[*]DIR-808L
[*]DIR-810L
[*]DIR-820L
[*]DIR-826L
[*]DIR-830L
[*]DIR-836L
[/list]
For more information and firmware --> https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10087
Navigation
[0] Message Index
Go to full version