Saturday, April 5, 2025
Follow us On Linkedin
HomeVulnerability6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote...

6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote Attacks

Vulnerability

Published on

By Gurubaran
D-Link wireless

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Security researchers from Palo Alto Networks discovered new six vulnerabilities with D-Link wireless home router let attackers launch remote attacks.

The vulnerabilities found with the DIR-865L model of D-Link routers, those are mostly used in home-based environments. In the current situation as we are working from home these vulnerabilities may pose serious threats.

Researchers absorbed six such vulnerabilities with the newer models of the firmware. Combining vulnerabilities can lead to significant risks.

CVE-2020-13782

The vulnerabilities reside in the controller of the web interface of the router, an attacker with authentication, or by having an active session cookie can inject an arbitrary code to execute in administrative privileges.

D-Link wireless

CVE-2020-13786

Multiple webpages of router web interface vulnerable to CSRF. It allows an attacker to sniff the web traffic and to gain access to password-protected pages of the web interface.

CVE-2020-13785

Data transferred with the SharePort Web Access portal on port 8181 are not encrypted, it allows an attacker to determine the password.

CVE-2020-13784

The session cookie generation is predictable, an attacker can determine the session cookie by just knowing the user login time.

CVE-2020-13783

The login credentials are stored in plain text, an attacker must have physical access to steal the passwords.

D-Link wireless

CVE-2020-13787

If the administrator selects Wired Equivalent Privacy (WEP) which was deprecated in 2004 for guest wifi network then passwords will be sent cleartext.

Combining all these vulnerabilities allow attackers to run arbitrary commands, exfiltrate data, upload malware, delete data, or steal user credentials, reads Paloalto blog post.

D-Link fixed the vulnerabilities with the router, users are recommended to update with the latest firmware to patch the vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Hackers Hijacking DLink Routers to Gain Bank Credentials By Using Various Router Exploits

New DNS Hijacking Attack Exploiting DLink Routers to Target Netflix, PayPal, Uber, Gmail Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyber Security News

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti...
cyber security

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing...
ChatGPT

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of...
cyber security

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM)...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

cyber security

Chinese Hackers Exploit Ivanti VPN Vulnerability to Deliver Malware Payloads

Ivanti disclosed a critical security vulnerability, CVE-2025-22457, affecting its Connect Secure (ICS) VPN appliances,...
CVE/vulnerability

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server.Due to improper...
CVE/vulnerability

Critical Apache Parquet Vulnerability Allows Remote Code Execution

A severe vulnerability has been identified in the Apache Parquet Java library, specifically within...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved