D-Link router remote code execution vulnerability will not be patched

silversurfer

Researchers have publicly disclosed the existence of a severe remote code execution vulnerability in a range of D-Link routers.
Last week, Fortinet's FortiGuard Labs said the vulnerability at the heart of the issue, tracked as CVE-2019-16920, was discovered in September 2019.
According to the Fortinet researcher Thanh Nguyen Nguyen, the unauthenticated command injection vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 product lines.
ZDNet has reached out to D-Link for comment and will update if we hear back.
 
D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).