Reference: Advisory #2024-223
Version: 1.0
Affected software:
D-Link DIR-X4860 hardware revision Ax with firmware version v1.04B04_Hot-Fix or below
D-Link DIR-X5460 hardware revision Ax with firmware version v1.11B01_Hot-Fix or below
Non-US D-Link COVR-X1870 hardware revision Ax with firmware version v1.02 or below
Type: Remote Code Execution; Stack-based Buffer Overflow
CVE/CVSS:
CVE-2024-45694 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-45695 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-45696 / CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-45697 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-45698 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
D-Link: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or log in using hard-coded credentials.
D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694, CVE-2024-45695, CVE-2024-45697, impacting three wireless router models. The flaws can allow attackers to remotely execute arbitrary code or access the devices using hardcoded credentials.
D-Link also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698.
The vulnerabilities patched by D-Link are:
CVE-2024-45694 (9.8 critical):
The issue is a stack-based buffer overflow in the web service of certain models of D-Link wireless routers. Unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code on the device. The issue impacts:
CVE-2024-45695 (9.8 critical):
The issue is a stack-based buffer overflow in the web service of certain models of D-Link wireless routers. Unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code on the device. The issue impacts:
CVE-2024-45697 (9.8 critical):
Certain D-Link router models have a hidden feature that enables the telnet service when the WAN port is connected. This allows unauthorized remote attackers to log in and execute OS commands using hard-coded credentials. The issue impacts:
CVE-2024-45696 (8.8 high):
Certain D-Link router models have hidden functionality that allows attackers to enable the telnet service by sending specific packets to the web service. Once enabled, attackers can log in using hard-coded credentials, but the telnet access is limited to the local network. The issue impacts:
CVE-2024-45698 (8.8 high):
Certain D-Link router models have a vulnerability in the telnet service that allows unauthenticated remote attackers to log in using hard-coded credentials and execute arbitrary OS commands due to improper input validation. The issue impacts:
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
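As an added example (not part of the CCB advisory or of any D-Link tooling), the script below triages a device inventory against the affected firmware list above and checks whether the telnet service described in CVE-2024-45696 and CVE-2024-45697 is accepting connections. The firmware ordering in `fw_key`, TCP port 23 for telnet, and the sample inventory are assumptions.

```python
import re
import socket

# Highest affected firmware per model, copied from the advisory's list above.
# The advisory limits COVR-X1870 to non-US units; region is not checked here.
AFFECTED = {
    "DIR-X4860": "v1.04B04_Hot-Fix",
    "DIR-X5460": "v1.11B01_Hot-Fix",
    "COVR-X1870": "v1.02",
}

def fw_key(version):
    """Assumed ordering: 'v<major>.<minor>[B<build>]' -> (major, minor, build)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:B(\d+))?", version.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(model, hw_rev, firmware):
    """True when model, hardware revision Ax and firmware are in the affected range."""
    ceiling = AFFECTED.get(model.upper())
    if ceiling is None or not hw_rev.upper().startswith("A"):
        return False
    return fw_key(firmware) <= fw_key(ceiling)

def telnet_listening(host, port=23, timeout=2.0):
    """True when a TCP connect succeeds. Sends no data and attempts no login."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, probe=telnet_listening):
    """Return (name, affected, telnet_open) for each device in the inventory."""
    return [(d["name"], is_affected(d["model"], d["hw"], d["fw"]), probe(d["ip"]))
            for d in inventory]

# Constructed inventory: names, firmware strings and documentation IPs are made up.
SAMPLE = [
    {"name": "branch-1", "model": "DIR-X4860", "hw": "A1", "fw": "v1.04B03", "ip": "192.0.2.10"},
    {"name": "branch-2", "model": "DIR-X5460", "hw": "A1", "fw": "v1.11B04", "ip": "192.0.2.11"},
    {"name": "lab-1", "model": "COVR-X1870", "hw": "A1", "fw": "v1.02", "ip": "192.0.2.12"},
]

if __name__ == "__main__":
    for name, affected, telnet_open in triage(SAMPLE):
        print(f"{name}: affected={affected} telnet_open={telnet_open}")
```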
TWCERT: https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
TWCERT: https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html
TWCERT: https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
TWCERT: https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html
TWCERT: https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html