D-Link VPN routers get patch for remote command injection bugs

silversurfer

A vulnerability in D-Link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device.
The bug affects router models DSR-150, DSR-250/N, DSR-500, and DSR-1000AC running firmware version 3.17 or below.

Reported by Digital Defense's Vulnerability Research Team on August 11, the flaw is a root command injection that can be exploited remotely if the device's "Unified Services Router" web interface is reachable over the public internet.
"Consequently, a remote, unauthenticated attacker with access to the router’s web interface could execute arbitrary commands as root, effectively gaining complete control of the router" - Digital Defense
The table below lists vulnerable router models and links to the updated firmware version containing the fix:

| Model | Hardware Revision | Region | Affected FW | Fixed FW | Recommendation | Last Updated |
|---|---|---|---|---|---|---|
| DSR-150 | All Rev. A Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150 | All Rev. A Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-150 | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150 | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. A Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. A Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. A Hardware Revisions | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. A Hardware Revisions | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. A Hardware Revisions | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. A Hardware Revisions | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. B Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. B Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
 