D-Link WiFi range extender vulnerable to command injection attacks


Level 79
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection.

The product is currently listed as available on D-Link's site and has thousands of reviews on Amazon, so it's a popular choice among consumers.

A team of German researchers (RedTeam) who discovered the vulnerability, tracked as CVE-2023-45208, report that despite their attempts to alert D-Link multiple times, the vendor has remained silent, and no fixes have been released.
RedTeam researchers discovered the flaw in May 2023 and reported it to D-Link, but despite multiple follow-ups, no reply was ever received.

This means that D-Link DAP-X1860 is still vulnerable to attacks, and the relatively simple exploitation mechanism makes the situation risky.

Owners of DAP-X1860 extenders are recommended to limit manual network scans, treat sudden disconnections suspiciously, and turn off the extender when not actively used.

Also, consider placing IoT devices and range extenders on a separate network isolated from sensitive devices holding personal or work data.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.