06-18-2024 , 07:25 AM
https://www.security.nl/posting/846224/T...nk-routers Taiwanese Government Warns of Hidden Backdoor in D-Link Routers
Monday 17 June 2024, 16:25 by Redactie,
Several of D-Link's routers contain a "hidden backdoor" that allows attackers to log into the devices, Taiwan's Computer Emergency Response Team (TWCERT) has warned.
"Certain models of D-Link Wi-Fi routers include an unlisted factory test backdoor. Unauthenticated attackers on the local network can enable Telnet via a special url and then log in via the admin credentials found in the firmware," the Taiwanese government agency explained. According to D-Link's description, it is a path traversal vulnerability, although it could also be a flaw in the description, as the same security bulletin describes a different path traversal vulnerability.
According to D-Link's explanation, an unauthenticated attacker can gain access to a specific URL, which can be used to enable Telnet. Then, an attacker can log in using the hardcoded credentials found in the router firmware. Telnet, which dates back to 1969, allows users to log in to machines remotely. It does not use encryption, which means that username and password are sent unencrypted. Its use is therefore not recommended and is now disabled on many devices.
According to D-Link, the attack is only possible from the LAN side. The problem seems to be mainly with Wi-Fi networks that multiple people have access to. The impact of the vulnerability (CVE-2024-6045) was rated 8.8 on a scale of 1 to 10. The vulnerability exists in the following models: E15, G403, G415, G416, M15, M18, M32, R03, R04, R12, R15, R18, R32, and AQUILA PRO AI Family model E30, M30, and M60. The available firmware updates can be installed automatically and manually. Website status:
Safe
www.security.nl/posting/846224/Taiwanese+overheid+waarschuwt+voor+verborgen+backdoor+in+D-Link-routers
We combed through this website and everything looks good to us. You're safe!
info
Information Security McAfee WebAdvisor
Monday 17 June 2024, 16:25 by Redactie,
Several of D-Link's routers contain a "hidden backdoor" that allows attackers to log into the devices, Taiwan's Computer Emergency Response Team (TWCERT) has warned.
"Certain models of D-Link Wi-Fi routers include an unlisted factory test backdoor. Unauthenticated attackers on the local network can enable Telnet via a special url and then log in via the admin credentials found in the firmware," the Taiwanese government agency explained. According to D-Link's description, it is a path traversal vulnerability, although it could also be a flaw in the description, as the same security bulletin describes a different path traversal vulnerability.
According to D-Link's explanation, an unauthenticated attacker can gain access to a specific URL, which can be used to enable Telnet. Then, an attacker can log in using the hardcoded credentials found in the router firmware. Telnet, which dates back to 1969, allows users to log in to machines remotely. It does not use encryption, which means that username and password are sent unencrypted. Its use is therefore not recommended and is now disabled on many devices.
According to D-Link, the attack is only possible from the LAN side. The problem seems to be mainly with Wi-Fi networks that multiple people have access to. The impact of the vulnerability (CVE-2024-6045) was rated 8.8 on a scale of 1 to 10. The vulnerability exists in the following models: E15, G403, G415, G416, M15, M18, M32, R03, R04, R12, R15, R18, R32, and AQUILA PRO AI Family model E30, M30, and M60. The available firmware updates can be installed automatically and manually. Website status:
Safe
www.security.nl/posting/846224/Taiwanese+overheid+waarschuwt+voor+verborgen+backdoor+in+D-Link-routers
We combed through this website and everything looks good to us. You're safe!
info
Information Security McAfee WebAdvisor