D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link will not address four critical RCE vulnerabilities in DIR-846W routers, advising users to replace them or enhance security settings, as exploitation could pose risks to connected devices.
D-Link has announced that it will not address four critical remote code execution (RCE) vulnerabilities affecting its DIR-846W routers, as these devices have reached the end of their support lifecycle. The vulnerabilities, discovered by a security researcher, include three rated as critical and one as high, with the potential for exploitation without authentication. The flaws are detailed as follows: CVE-2024-41622, CVE-2024-44340, CVE-2024-44341, and CVE-2024-44342, with CVSS scores ranging from 8.8 to 9.8.
D-Link's policy states that once products reach end-of-life, they will no longer receive security updates. The company advises users to retire the DIR-846W and replace it with a supported model. For those unable to do so, D-Link recommends ensuring the device runs the latest firmware, using strong passwords, and enabling WiFi encryption. The DIR-846W routers, primarily sold outside the U.S., may still pose a risk globally, as many users tend to keep their devices long after support has ended. The vulnerabilities could be exploited by malware botnets, emphasizing the need for immediate action to secure these routers.
- D-Link will not fix four critical RCE vulnerabilities in DIR-846W routers.
- The vulnerabilities are rated critical and do not require authentication for exploitation.
- D-Link advises users to retire the DIR-846W and replace it with a supported model.
- Users unable to replace the router should update firmware and enhance security settings.
- The vulnerabilities could be exploited by malware, posing risks to connected devices.
Related
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warns of a critical TCP/IP vulnerability (CVE-2024-38063) affecting all IPv6-enabled Windows systems, allowing remote code execution. Users should prioritize patching to mitigate risks, as the exploit is wormable.
U.S. lawmakers urge probe into security risks of Chinese TP-Link Wi-Fi routers
U.S. lawmakers are urging an investigation into TP-Link routers due to cybersecurity vulnerabilities and potential compliance with Chinese government demands, amid concerns over attacks linked to the Volt Typhoon hacking group.
Routers from China-based TP-Link a national security threat, US lawmakers claim
U.S. lawmakers are urging an investigation into TP-Link routers over cybersecurity vulnerabilities, citing national security concerns related to Chinese data laws and potential exploitation by hackers, including the Volt Typhoon group.
Hackers infect ISPs with malware that steals customers' credentials
Hackers linked to the Chinese government exploited a zero-day vulnerability in the Versa Director platform, affecting U.S. ISPs, allowing credential capture via malware before hashing. The vulnerability was patched.
Zyxel warns of vulnerabilities in a wide range of its products
Zyxel warns of nearly a dozen vulnerabilities in its products, including a critical flaw allowing unauthenticated command execution. Users are urged to apply patches promptly to mitigate risks.