Tuesday, October 8, 2024
HomeVulnerability6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote...

6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote Attacks

Published on

Security researchers from Palo Alto Networks discovered new six vulnerabilities with D-Link wireless home router let attackers launch remote attacks.

The vulnerabilities found with the DIR-865L model of D-Link routers, those are mostly used in home-based environments. In the current situation as we are working from home these vulnerabilities may pose serious threats.

Researchers absorbed six such vulnerabilities with the newer models of the firmware. Combining vulnerabilities can lead to significant risks.

- Advertisement - EHA

CVE-2020-13782

The vulnerabilities reside in the controller of the web interface of the router, an attacker with authentication, or by having an active session cookie can inject an arbitrary code to execute in administrative privileges.

 D-Link wireless

CVE-2020-13786

Multiple webpages of router web interface vulnerable to CSRF. It allows an attacker to sniff the web traffic and to gain access to password-protected pages of the web interface.

CVE-2020-13785

Data transferred with the SharePort Web Access portal on port 8181 are not encrypted, it allows an attacker to determine the password.

CVE-2020-13784

The session cookie generation is predictable, an attacker can determine the session cookie by just knowing the user login time.

CVE-2020-13783

The login credentials are stored in plain text, an attacker must have physical access to steal the passwords.

 D-Link wireless

CVE-2020-13787

If the administrator selects Wired Equivalent Privacy (WEP) which was deprecated in 2004 for guest wifi network then passwords will be sent cleartext.

Combining all these vulnerabilities allow attackers to run arbitrary commands, exfiltrate data, upload malware, delete data, or steal user credentials, reads Paloalto blog post.

D-Link fixed the vulnerabilities with the router, users are recommended to update with the latest firmware to patch the vulnerabilities.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Hackers Hijacking DLink Routers to Gain Bank Credentials By Using Various Router Exploits

New DNS Hijacking Attack Exploiting DLink Routers to Target Netflix, PayPal, Uber, Gmail Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...

Comcast Cyber Attack Impacts 237,000+ Users Personal Data

Comcast Cable Communications LLC has reported that over 237,000 users' data has been compromised....

American Water Works Cyber Attack Impacts IT Systems

American Water Works Company, Inc., a leading provider of water and wastewater services, announced...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently...