6 New Vulnerabilities Found on D-Link Home Routers
by CIRT Team
Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The vulnerabilities were found in the DIR-865L model of D-Link routers.
The following are the six vulnerabilities found:
CVE-2020-13782: Improper Neutralization of Special Elements Used in a Command (Command Injection)
CVE-2020-13786: Cross-Site Request Forgery (CSRF)
CVE-2020-13785: Inadequate Encryption Strength
CVE-2020-13784: Predictable seed in pseudo-random number generator
CVE-2020-13783: Cleartext storage of sensitive information
CVE-2020-13787: Cleartext transmission of sensitive information
Impact:
Different combinations of these vulnerabilities can lead to significant risks. For example, malicious users can sniff network traffic to steal session cookies. With this information, they can access the administrative portal for file sharing, giving them the ability to upload arbitrary malicious files, download sensitive files, or delete essential files. They can also use the cookie to run arbitrary commands to conduct a denial of service attack.
Mitigations:
D-Link has released a patch that consumers are strongly recommended to install. For more information, please visit the following URL:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174
Reference:
https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174