In a significant security alert, millions of D-Link routers are at risk due to critical vulnerabilities that have been discovered in several models, including the DIR-X5460 and DIR-X4860.
These vulnerabilities could allow remote attackers to execute arbitrary code, potentially compromising entire networks. Users are urged to update their firmware immediately to mitigate these risks.
D-Link Vulnerability Details
The vulnerabilities, identified by CVE IDs ranging from CVE-2024-45694 to CVE-2024-45698, have been classified as critical, with CVSS scores as high as 9.8.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
This highlights the severe risk they pose. The issues primarily affect the following models and firmware versions:
- DIR-X5460 A1: Firmware versions 1.01, 1.02, 1.04, 1.10
- DIR-X4860 A1: Firmware versions 1.00, 1.04
Stack-based Buffer Overflow (CVE-2024-45694 & CVE-2024-45695): This flaw in the web service allows unauthenticated, remote attackers to execute arbitrary code on the device.
Improper Input Validation (CVE-2024-45698): This issue in the telnet service enables attackers to use hard-coded credentials to inject OS commands.
Hidden Functionality (CVE-2024-45697 & CVE-2024-45696): These vulnerabilities allow attackers to enable telnet service using hard-coded credentials when specific network conditions are met.
These vulnerabilities can be exploited remotely without user interaction, making them particularly dangerous.
Attackers could gain complete control over affected routers, allowing them to intercept communications, deploy malware, or launch further attacks on connected devices.
To protect against these vulnerabilities, D-Link has released firmware updates that address these critical issues:
- DIR-X5460 A1: Update to firmware version 1.11B04 or later.
- DIR-X4860 A1: Update to firmware version 1.04B05 or later.
Users are strongly advised to apply these updates immediately. Additionally, it is recommended that users change default passwords and disable any unnecessary services to further secure their devices.
The cybersecurity community has reacted swiftly to these revelations. Organizations such as CISA have added these vulnerabilities to their Known Exploited Vulnerabilities catalog, emphasizing the need for immediate action.
Security experts warn that the ease of exploitation and potential impact underscores the importance of prompt patching and vigilant network monitoring.
With millions of devices potentially affected, these vulnerabilities represent a significant threat to network security worldwide.
Users must act quickly to update their devices and secure their networks against potential exploitation.
As cyber threats continue to evolve, maintaining up-to-date security measures is crucial in safeguarding personal and organizational data from malicious actors.
For more information on securing your D-Link router and applying necessary updates, visit the official D-Link support page or consult with cybersecurity professionals if needed.
Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar