Security News

The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS attacks and remote command injection. An attacker within the extender's range can set up a WiFi network and deceptively name it similar to something the target is familiar with but include a tick in the name, like 'Olaf's Network,' for example.

The U.S. Cybersecurity and Infrastructure Security Agency has placed a set of eight flaws to the Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices.

A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service attacks. In total, the malware targets no less than 22 known seccurity issues in various connected products, which include routers, DVRs, NVRs, WiFi communication dongles, thermal monitoring systems, access control systems, and solar power generation monitors.

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.

A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. The purpose of the malware is to add compromised devices to a distributed denial-of-service botnet to launch powerful attacks against specified targets.

CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the Photo Station QNAP software. The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service attacks," Palo Alto Networks Unit 42 said in a Tuesday report.

The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits. MooBot was discovered by analysts at Fortinet in December 2021, targeting a flaw in Hikvision cameras to spread quickly and enlist a large number of devices into its DDoS army.

D-Link Corporation announced their latest EAGLE PRO AI product series at the D-Link Product Launch Conference. By developing products with AI Technology that can recognize network problems and adapt accordingly, D-Link optimizes the performance of home networks.

D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. The CVE-2021-21818 and CVE-2021-21820 hard-coded password and credentials vulnerabilities [1, 2] exist in the router's Zebra IP Routing Manager and the Libcli Test Environment functionality.