Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Taiwanese Government Warns of Hidden Backdoor in D-Link Routers
#1
https://www.security.nl/posting/846224/T...nk-routers    Taiwanese Government Warns of Hidden Backdoor in D-Link Routers
Monday 17 June 2024, 16:25 by Redactie,
Several of D-Link's routers contain a "hidden backdoor" that allows attackers to log into the devices, Taiwan's Computer Emergency Response Team (TWCERT) has warned.

"Certain models of D-Link Wi-Fi routers include an unlisted factory test backdoor. Unauthenticated attackers on the local network can enable Telnet via a special url and then log in via the admin credentials found in the firmware," the Taiwanese government agency explained. According to D-Link's description, it is a path traversal vulnerability, although it could also be a flaw in the description, as the same security bulletin describes a different path traversal vulnerability.

According to D-Link's explanation, an unauthenticated attacker can gain access to a specific URL, which can be used to enable Telnet. Then, an attacker can log in using the hardcoded credentials found in the router firmware. Telnet, which dates back to 1969, allows users to log in to machines remotely. It does not use encryption, which means that username and password are sent unencrypted. Its use is therefore not recommended and is now disabled on many devices.

According to D-Link, the attack is only possible from the LAN side. The problem seems to be mainly with Wi-Fi networks that multiple people have access to. The impact of the vulnerability (CVE-2024-6045) was rated 8.8 on a scale of 1 to 10. The vulnerability exists in the following models: E15, G403, G415, G416, M15, M18, M32, R03, R04, R12, R15, R18, R32, and AQUILA PRO AI Family model E30, M30, and M60. The available firmware updates can be installed automatically and manually.      Website status:

Safe


www.security.nl/posting/846224/Taiwanese+overheid+waarschuwt+voor+verborgen+backdoor+in+D-Link-routers

We combed through this website and everything looks good to us. You're safe!

info
Information Security    McAfee WebAdvisor


Attached Files Thumbnail(s)
   
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  ASUS warns of Cyclops Blink malware attacks targeting routers tarekma7 0 2,076 03-19-2022 , 02:40 PM
Last Post: tarekma7
  Microsoft creates tool to scan MikroTik routers for TrickBot infections tarekma7 0 980 03-19-2022 , 02:35 PM
Last Post: tarekma7
  New SideWalk Backdoor Targeting U.S. Computer Retailers mrtrout 0 1,773 08-27-2021 , 01:22 AM
Last Post: mrtrout
  Researchers Warn of Facefish Backdoor Spreading Linux Rootkits mrtrout 0 979 05-28-2021 , 10:58 PM
Last Post: mrtrout
  Bizarro Banking Trojan Sports Sophisticated Backdoor Bjyda 0 1,054 05-23-2021 , 09:22 PM
Last Post: Bjyda



Users browsing this thread: 1 Guest(s)