A wireless router made by D-Link has nearly one dozen critical vulnerabilities, according to researcher Pierre Kim. The bugs found are in D-Link’s model DIR 850L wireless AC1200 dual-band gigabit cloud routers and could allow a hacker to ultimately hijack the routers and take control of them.
The vulnerabilities range from a command injection bug, a flaw that allows backdoor access to the router, to the fact hardcoded encryption keys are stored on the device. “The Dlink 850L is a router overall badly designed with a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused,” Kim wrote.Read more
If you own a D-Link wireless router, especially DWR-932 B LTE router, you should get rid of it, rather than wait for a firmware upgrade that never lands soon.
D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP configuration. If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks. Moreover, your hacked router can be easily abused by cybercriminals.Read more
A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products. The vulnerability was initially discovered a month ago by researchers from security start-up firm Senrio in D-Link DCS-930L, a Wi-Fi enabled camera that can be controlled remotely through a smartphone app.
The flaw, a stack overflow, is located in a firmware service called dcp, which listens to commands on port 5978. Attackers can trigger the overflow by sending specifically crafted commands and then can execute rogue code on the system. How to respond to ransomware threats?Read more