D-Link routers vulnerable to remotely exploitable root command injection flaw

2020-12-08 14:00

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers.

D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

A remote, unauthenticated attacker with access to the router's web interface could execute arbitrary commands as root, effectively gaining complete control of the router.

D-Link routers can connect up to 15 other devices simultaneously.

"Our standard practice is to work in tandem with organizations on a coordinated disclosure effort to facilitate a prompt resolution to a vulnerability. The Digital Defense VRT reached out to D-Link who worked diligently on a patch."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Xg7BwcexlAw/

#commandinjection #dlink #root #router

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
D Link		82	0	9	29	34	72

News URL

Related news

Related vendor