D-Link – multiple vulnerabilities, some are 0-days

Here’s a summary of the vulnerabilities reported:

  • Remote Code Execution (RCE) Vulnerabilities:
    • D-Link D-View: Two vulnerabilities (ZDI-24-448, ZDI-24-450) allow remote code execution due to command injection and exposed dangerous methods. Both require authentication, which can be bypassed. CVSS rating: 8.8.
    • D-Link G416: Attackers can execute code on G416 routers without authentication (ZDI-24-446). CVSS rating: 8.8.
    • D-Link DIR-2150: The GetDeviceSettings feature in DIR-2150 routers is vulnerable to command injection by network-adjacent attackers without authentication (ZDI-24-442). CVSS rating: 8.8.
    • D-Link DIR-2640: A stack-based buffer overflow in DIR-2640-US routers allows RCE without authentication (ZDI-24-444). CVSS rating: 8.8.
    • D-Link D-View: Another vulnerability (ZDI-24-449) allows RCE through an exposed dangerous method with bypassable authentication. CVSS rating: 8.8.
  • Local Privilege Escalation:
    • D-Link Network Assistant: A vulnerability (ZDI-24-443) allows local attackers to escalate privileges by exploiting an uncontrolled search path element. Requires execution of low-privileged code. CVSS rating: 7.3.
  • Denial-of-Service (DoS):
    • D-Link DIR-3040: A memory leak in prog.cgi websSecurityHandler can be exploited by network-adjacent attackers to cause a DoS condition (ZDI-24-445). No authentication needed. CVSS rating: 4.3.
  • Authentication Bypass:
    • D-Link D-View: A vulnerability (ZDI-24-447) allows bypassing authentication using a hard-coded cryptographic key. No authentication needed for exploitation. CVSS rating: 9.8.

All vulnerabilities are marked as “0Day,” indicating they are previously unknown and unpatched. The CVSS ratings range from 4.3 to 9.8, reflecting the severity of the vulnerabilities. The higher the CVSS score, the more severe the vulnerability. It’s important for organizations using these D-Link products to be aware of these vulnerabilities and apply any available patches or mitigations provided by the vendor.

Read more D-Link – multiple vulnerabilities, some are 0-days