Monday, April 28, 2025
Follow us On Linkedin
HomeIoTMultiple Vulnerabilities in D-Link Routers Allows Hackers Gain Complete Control & Extract...

Multiple Vulnerabilities in D-Link Routers Allows Hackers Gain Complete Control & Extract Sensitive Data

IoTVulnerability

Published on

By Balaji
Multiple Vulnerabilities in D-Link Routers Allows Hackers Gain Complete Control & Extract Sensitive Data

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Set of 4 Vulnerabilities are discovered in D-Link DIR-620 firmware that allows an attacker to exploit with the hardcoded default credentials to gain high privileged access to the firmware.

D-Link routers are one of the biggest ISPs in Russia based on the Router login string contains hardcoded credentials with the name of the ISP.

The Vulnerabilities allow attack could gain the privileged access to the firmware that leads to extract the sensitive data such as Plain text Passwords.

- Advertisement - Google News

It also affected the web interface that allows an attacker to run arbitrary commands in the router’s operating system and arbitrary JavaScript code in the user environment.

These vulnerabilities initially identified in firmware version 1.0.37 and the few vulnerabilities affected other versions( 1.3.1, 1.3.3, 1.4.0, 2.0.22) of the firmware.

 D-Link Routers Vulnerabilities

There are 4 critical vulnerabilities are reporting and all the vulnerabilities contain the high severity rate that causes very serious damages.

  1. Reflected cross-site scripting (CVE-2018-6212)
  2. Default credentials for web dashboard (CVE-2018-6213)
  3. OS command injection  (CVE-2018-6211)
  4. Default credentials for Telnet (CVE-2018-6210)

Cross-site scripting(XSS)

Researchers discovered reflected cross-site scripting(XSS) vulnerability in one the D-link router field due to poor user data validation and incorrect processing of the XMLHttpRequest object.

This vulnerability was discovered in v.1.3.3 and other versions.

Default credentials for web Dashboard

D-Link contains default credentials for web dashboard which cannot be changed by administrators which leads to attacker gain the sensitive data from Vulnerable routers.

According to Kaspersky Researcher, I extracted strings from the web server binary (httpd), and my attention was immediately drawn to the “anonymous” string. I looked at the function where this string was being used.

OS Command Injection

An OS Command injection vulnerability discovered in D – v.1.0.3  that leads to processing incorrectly user’s input data.

Default Credentials for Telnet

This critical vulnerability allows an attacker to extract Telnet credentials. In this case, the attacker also gain the admin level access by using the default credentials.

Mitigation :

  • Restrict any access to the web dashboard using a whitelist of trusted IPs
  • Restrict any access to Telnet
  • Regularly change your router admin username and password
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CISO

How To Use Digital Forensics To Strengthen Your Organization’s Cybersecurity Posture

Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional...
CISO

Building A Strong Compliance Framework: A CISO’s Guide To Meeting Regulatory Requirements

In the current digital landscape, Chief Information Security Officers (CISOs) are under mounting pressure...
AI

Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI Models

Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to...
AI

New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales

AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

AI

New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive Sales

AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals...
cyber security

WooCommerce Users Targeted by Fake Security Vulnerability Alerts

A concerning large-scale phishing campaign targeting WooCommerce users has been uncovered by the Patchstack...
Chrome

Chrome UAF Process Vulnerabilities Actively Exploited

Security researchers have revealed that two critical use-after-free (UAF) vulnerabilities in Google Chrome’s Browser...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved