Saturday, May 31, 2025
HomeVulnerability6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote...

6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote Attacks

Published on

SIEM as a Service

Follow Us on Google News

Security researchers from Palo Alto Networks discovered new six vulnerabilities with D-Link wireless home router let attackers launch remote attacks.

The vulnerabilities found with the DIR-865L model of D-Link routers, those are mostly used in home-based environments. In the current situation as we are working from home these vulnerabilities may pose serious threats.

Researchers absorbed six such vulnerabilities with the newer models of the firmware. Combining vulnerabilities can lead to significant risks.

- Advertisement - Google News

CVE-2020-13782

The vulnerabilities reside in the controller of the web interface of the router, an attacker with authentication, or by having an active session cookie can inject an arbitrary code to execute in administrative privileges.

 D-Link wireless

CVE-2020-13786

Multiple webpages of router web interface vulnerable to CSRF. It allows an attacker to sniff the web traffic and to gain access to password-protected pages of the web interface.

CVE-2020-13785

Data transferred with the SharePort Web Access portal on port 8181 are not encrypted, it allows an attacker to determine the password.

CVE-2020-13784

The session cookie generation is predictable, an attacker can determine the session cookie by just knowing the user login time.

CVE-2020-13783

The login credentials are stored in plain text, an attacker must have physical access to steal the passwords.

 D-Link wireless

CVE-2020-13787

If the administrator selects Wired Equivalent Privacy (WEP) which was deprecated in 2004 for guest wifi network then passwords will be sent cleartext.

Combining all these vulnerabilities allow attackers to run arbitrary commands, exfiltrate data, upload malware, delete data, or steal user credentials, reads Paloalto blog post.

D-Link fixed the vulnerabilities with the router, users are recommended to update with the latest firmware to patch the vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Hackers Hijacking DLink Routers to Gain Bank Credentials By Using Various Router Exploits

New DNS Hijacking Attack Exploiting DLink Routers to Target Netflix, PayPal, Uber, Gmail Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra...

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages...

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated...

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates

A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source...

New Study Uncovers Multiple Vulnerabilities in WeChat and IM Apps

Instant messaging (IM) applications like WeChat have become indispensable for billions, facilitating not only...

Next.js Dev Server Vulnerability Leads to Developer Data Exposure

A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js...