• July 15, 2019, 01:07:56 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Remote code execution - Information disclosure - DNS hijacking  (Read 1358 times)

GreenBay42

  • Administrator
  • Level 10 Member
  • *
  • Posts: 2111

D-Link was presented with a report of three potential vulnerabilities in DIR-820L by a third-party who conducted security penetration tests. As part of D-Link’s continuing efforts of resolving security issues, D-Link expanded its investigation to other routers.  First vulnerability reportedly relates to a malicious user who might be  be connected to the LAN-side of the device to use the devices upload utility to load malicious code without authentication.  A second vulnerability reportedly relates to the device’s ping utility that  might permit command injection without authentication.  A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the devices configuration

Affected products:
  • DIR-626L
  • DIR-636L
  • DIR-651
  • DIR-808L
  • DIR-810L
  • DIR-820L
  • DIR-826L
  • DIR-830L
  • DIR-836L

For more information and firmware --> https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10087
Logged