Home Hacking D-Link Patched Two Remotely Exploitable Bug

D-Link Patched Two Remotely Exploitable Bug

1 min read
0
0

D-Link Patched Two Remotely Exploitable Bug

D-Link Patched Two Remotely Exploitable Bugs found in its firmware that could be exploited remotely and lead to takeover and arbitrary code execution.

The first CERT advisory, covers DCS-93 series network cameras (models 930L, 931L, 932L and 933L using version 1.04 2014-04-21 of the company’s firmware). Vulnerable devices allow remote attackers to upload unrestricted files to the device, and consequently remotely execute arbitrary code.

DAP-1320 wireless range extenders are subject to an ancient vulnerability, CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allowing attackers to execute “dangerous commands directly on the operating system”.

The CERT advisory notes the exploit uses the firmware update mechanism, and while the vuln is only confirmed on version 1.11 released in December 2013, “other firmware versions prior to version 1.21b05 may also be vulnerable”.

Users whose routers run either of thr aforementioned firmware are encouraged to update to versions, 2.0.17-b62 and 1.21b05.

The researchers at Tangible Security, discovered the vulnerabilities and consequently disclosed them to D-Link.

Load More Related Articles
Load More In Hacking

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

New Cold Boot Attacks Can Evade Current Mitigations

New Cold Boot Attacks Can Evade Current Mitigations Many people tend to put laptops to ‘Sl…