D-Link won't fix critical bug in 60,000 exposed EoL modems

Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take full control of the device.

The vulnerability was discovered in the D-Link DSL6740C modem by security researcher Chaio-Lin Yu (Steven Meow), who reported it to Taiwan's Computer Emergency Response Team / Coordination Center (TWCERTCC).

It is worth noting that the device was not available in the U.S. and reached its end-of-service (EoS) phase at the beginning of the year.

In an advisory today, D-Link announced that it will not fix the issue and recommends "retiring and replacing D-Link devices that have reached EOL/EOS."

Chaio-Lin Yu also reported two other vulnerabilities to TWCERTCC, an OS command injection and a path traversal issue. The three flaws are summarized as follows:

  • CVE-2024-11068: Flaw that allows unauthenticated attackers to modify any user's password via privileged API access, granting them access to the modem's Web, SSH, and Telnet services. (CVSS v3 score: 9.8 "critical")
  • CVE-2024-11067: Path traversal vulnerability allowing unauthenticated attackers to read arbitrary system files, retrieve the device's MAC address, and attempt login using the default credentials. (CVSS v3 score: 7.5 "high")
  • CVE-2024-11066: Bug enabling attackers with admin privileges to execute arbitrary commands on the host operating system via a specific web page. (CVSS v3 score: 7.2 "high")
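The path traversal entry above (CVE-2024-11067) is an instance of a well-known bug class in embedded web servers: a file name taken from the request is joined onto the web root without checking that the result stays inside it. The following is an added illustration of that class and of the fix, written for this page; it is not D-Link firmware code, says nothing about the DSL6740C's actual endpoints, and uses a throwaway directory tree and file contents constructed for the example.

```python
"""
Illustration (added for this article, not D-Link code) of the bug class
behind a path traversal like CVE-2024-11067: a file-serving routine that
joins a user-supplied name onto the web root without containment checks,
beside a hardened version that rejects anything resolving outside the root.
The directory tree, file names and contents below are constructed for the demo.
"""
import os
import tempfile
from pathlib import Path


def serve_file_vulnerable(webroot: str, requested: str) -> bytes:
    """Naive join: '../' segments in `requested` walk out of `webroot`."""
    path = os.path.join(webroot, requested)
    with open(path, "rb") as fh:
        return fh.read()


def serve_file_hardened(webroot: str, requested: str) -> bytes:
    """Resolve the real path and refuse anything not under the web root.

    Path.resolve() follows symlinks and collapses '..', so comparing the
    resolved target against the resolved root is a sound containment check.
    Joining an absolute `requested` (e.g. '/etc/passwd') discards the root,
    which the same check also catches.
    """
    root = Path(webroot).resolve()
    target = (root / requested).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"path escapes web root: {requested!r}")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_bytes()


def build_fixture() -> tuple:
    """Create <tmp>/www/index.html (inside the root) and <tmp>/secret.txt (outside)."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    www = os.path.join(base, "www")
    os.mkdir(www)
    Path(www, "index.html").write_bytes(b"<html>login page</html>")
    # Constructed stand-in for a sensitive file outside the web root.
    Path(base, "secret.txt").write_bytes(b"admin:defaultpass\n")
    return base, www


def run_demo() -> dict:
    """Exercise both routines; returns what each served or whether it refused."""
    _base, www = build_fixture()
    traversal = os.path.join("..", "secret.txt")
    results = {
        "vuln_index": serve_file_vulnerable(www, "index.html"),
        # The naive join happily reads the file one level above the root.
        "vuln_traversal": serve_file_vulnerable(www, traversal),
        "hard_index": serve_file_hardened(www, "index.html"),
    }
    for label, req in (("hard_traversal", traversal), ("hard_absolute", "/etc/hostname")):
        try:
            serve_file_hardened(www, req)
            results[label] = "served"
        except PermissionError:
            results[label] = "blocked"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The hardened routine checks containment on the resolved path rather than by string-matching `..`, so encoded or symlinked variants of the same trick are caught by the same comparison.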

A quick search on the FOFA search engine for publicly exposed devices and software shows that there are close to 60,000 D-Link DSL6740C modems reachable over the internet, most of them in Taiwan.

FOFA scan results
Source: BleepingComputer

TWCERTCC has published advisories for four more high-severity OS command injection vulnerabilities that impact the same D-Link device. The bugs are tracked as CVE-2024-11062, CVE-2024-11063, CVE-2024-11064, and CVE-2024-11065.

Although the number of vulnerable devices exposed on the public web is significant, D-Link has made it clear in the past [1, 2] that end-of-life (EoL) devices are not covered by updates, even when critical bugs are involved.

If users cannot replace the affected device with a variant that the vendor still supports, they should at least restrict remote access and set secure access passwords. Note that a strong password does not mitigate CVE-2024-11068, which is exploitable without authentication; keeping the Web, SSH, and Telnet management services unreachable from the internet is what actually removes that exposure.
