• December 04, 2021, 08:29:19 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DIR-819 - Rev A - Remote Code Execution  (Read 758 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2694
DIR-819 - Rev A - Remote Code Execution
« on: August 12, 2021, 08:20:56 AM »

For more information and firmware patch, please visit https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10231

On July 13, 2021, a 3rd party researchert at HITCON ZeroDay publically disclosed a 0-day security report on the non-US SKU DIR-819 with firmeare v1.06 which may allow a user to access to device's configuration and managment interface.

Once the device was fully booted , it gave access to connected clients over LAN to upload or dowload the cfg file over tftp. This access can elevate security issues by allowing a malicious users to change the devices configuration.

The report provided by DrmnSamoLiu at HITCON ZeroDay
ZDID:ZD-2021-00248
Logged