Security News > 2020 > December > D-Link routers vulnerable to remotely exploitable root command injection flaw

D-Link routers vulnerable to remotely exploitable root command injection flaw
2020-12-08 14:00

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers.

D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

A remote, unauthenticated attacker with access to the router's web interface could execute arbitrary commands as root, effectively gaining complete control of the router.

D-Link routers can connect up to 15 other devices simultaneously.

"Our standard practice is to work in tandem with organizations on a coordinated disclosure effort to facilitate a prompt resolution to a vulnerability. The Digital Defense VRT reached out to D-Link who worked diligently on a patch."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Xg7BwcexlAw/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
D Link 113 1 33 30 39 103