Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!

Pierluigi Paganini September 04, 2024

D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router series.

Networking hardware vendor D-Link wars of multiple remote code execution (RCE) vulnerabilities in its discontinued DIR-846 router model.

The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) are two OS command injection issues. A remote attacker could exploit them to execute arbitrary code on vulnerable devices.

“D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44341) via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.” reads the advisory.

“D-Link DIR-846W Firmware A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44342) via the wl(0).(0)_ssid parameter.”

The vendor also addressed a remote command execution (RCE) vulnerability, tracked as CVE-2024-41622 (CVSS score of 8.8), that resides in the tomography_ping_address parameter in /HNAP1/ interface.

The fourth issue addressed by the company is a high-severity RCE vulnerability, tracked as CVE-2024-44340 (with a CVSS score of 8.8), which can be exploited by an authenticated attacker.

The security researcher Yali-1002 discovered the above vulnerabilities.

The vendor recommends to retire and replace devices that have reached their End of Life (‘EOL’) /End of Service Life (‘EOS’) Life-Cycle.

Routers are a privileged target for threat actors and botnet operators. In January, researchers from cybersecurity firm GreyNoise spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers.

The vendor stated that the DIR-859 family of routers has reached their End of Life (“EOL”)/End of Service Life (“EOS”) life-cycle, and for this reason, the flaw will likely not be addressed.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(Security Affairs – hacking, IoT)



you might also like

leave a comment