Security News > 2024 > June > Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
![Hackers exploit critical D-Link DIR-859 router flaw to steal passwords](/static/build/img/news/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords-medium.jpg)
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
Although the D-Link DIR-859 WiFi router model has reached end-of-life and no longer receives any updates, the vendor still released a security advisory explaining that the flaw exists in the "Fatlady.php" file of the device, affects all firmware versions, and allows attackers to leak session data, achieve privilege escalation, and gain full control via the admin panel.
Threat monitoring platform GreyNoise has observed the active exploitation of CVE-2024-0769 in attacks that rely on a slight variation of the public exploit.
The researchers explain that hackers are targeting the 'DEVICE.ACCOUNT.xml' file to dump all account names, passwords, user groups, and user descriptions present on the device.
GreyNoise has not determined the motivation of the attackers, but the targeting of user passwords shows an intention to perform device takeover, thus giving the attacker full control of the device.
GreyNoise makes available a larger list of files that could be invoked in attacks that exploit CVE-2024-0769.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-21 | CVE-2024-0769 | Path Traversal vulnerability in Dlink Dir-859 Firmware 1.06 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. | 9.8 |