D-Link VPN routers get patch for remote command injection bugs

silversurfer

A vulnerability in D-Link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device.
The bug affects router models DSR-150, DSR-250/N, DSR-500, and DSR-1000AC running firmware version 3.17 or below.

Reported by Digital Defense's Vulnerability Research Team on August 11, the flaw is a root command injection that can be exploited remotely if the device's "Unified Services Router" web interface is reachable over the public internet.
"Consequently, a remote, unauthenticated attacker with access to the router’s web interface could execute arbitrary commands as root, effectively gaining complete control of the router" - Digital Defense
The table below lists vulnerable router models and links to the updated firmware version containing the fix:
| Model | Hardware Revision | Region | Affected FW | Fixed FW | Recommendation | Last Updated |
|---|---|---|---|---|---|---|
| DSR-150 | All Rev. A Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150 | All Rev. A Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-150 | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150 | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. A Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. A Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-150N | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. A Hardware Revisions | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. A Hardware Revisions | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250 | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. A Hardware Revisions | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. A Hardware Revisions | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. B Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. B Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. C Hardware Revision | Worldwide | v3.17 & Below | v3.17B401C_WW | Download and Update Device | 12/02/2020 |
| DSR-250N | All Rev. C Hardware Revision | Russian | v3.17 & Below | v3.17B401C_RU | Download and Update Device | 12/02/2020 |
 