D-Link router remote code execution vulnerability will not be patched

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,172
Researchers have publicly disclosed the existence of a severe remote code execution vulnerability in a range of D-Link routers.
Last week, Fortinet's FortiGuard Labs said the vulnerability at the heart of the issue, tracked as CVE-2019-16920, was discovered in September 2019.
According to the Fortinet researcher Thanh Nguyen Nguyen, the unauthenticated command injection vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 product lines.
ZDNet has reached out to D-Link for comment and will update if we hear back.
 

silversurfer

D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).
 
