
D-Link router remote code execution vulnerability will not be patched

October 7, 2019

Researchers have publicly disclosed the existence of a severe remote code execution vulnerability in a range of D-Link routers. 

Last week, Fortinet’s FortiGuard Labs said the vulnerability at the heart of the issue, tracked as CVE-2019-16920, was discovered in September 2019. 

According to the Fortinet researcher Thanh Nguyen Nguyen, the unauthenticated command injection vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 product lines. 

The vulnerability is described as an RCE prompted by attackers sending arbitrary input to a “PingTest” gateway interface, leading to command injection and full system compromise. The critical bug has been issued a CVSS v3.1 base score of 9.8 and a CVSS v2.0 base score of 10.0. 

See also: D-Link to undergo security audits for 10 years as part of FTC settlement

To trigger the security flaw, Fortinet says, attackers can remotely perform a login action that is poorly authenticated.

The faulty authentication check allows code to execute whether or not a user has the privilege to do so. This lets an HTTP POST request be sent via PingTest, and lets attackers either grab administrator credentials or install a backdoor.
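For anyone reviewing similar diagnostic endpoints in their own firmware, the two missing controls described above (an authorisation check that actually gates execution, and ping input that never reaches a shell) look like this in C. This is an added example, not D-Link's or Fortinet's code; the function names, status codes and the `session_is_admin` flag are hypothetical.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { PING_OK = 200, PING_BAD_TARGET = 400, PING_UNAUTHENTICATED = 401 };

/* Accept only a literal IPv4/IPv6 address or a plain DNS hostname. */
int is_valid_ping_target(const char *s)
{
    unsigned char addr[16];              /* large enough for an IPv6 address */
    size_t len = s ? strlen(s) : 0;
    if (len == 0 || len > 253)
        return 0;
    if (inet_pton(AF_INET, s, addr) == 1 || inet_pton(AF_INET6, s, addr) == 1)
        return 1;
    if (s[0] == '-' || s[0] == '.')      /* a leading '-' would parse as an option */
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-' && s[i] != '.')
            return 0;                    /* spaces, quotes and shell metacharacters */
    return 1;
}

/* Authorisation first, validation second, then an argv vector for execv():
 * no shell ever parses the request data. session_is_admin stands in for the
 * firmware's real session check (assumption). */
int handle_ping_test(int session_is_admin, const char *target,
                     const char *argv_out[5])
{
    if (!session_is_admin)
        return PING_UNAUTHENTICATED;
    if (!is_valid_ping_target(target))
        return PING_BAD_TARGET;
    argv_out[0] = "ping"; argv_out[1] = "-c"; argv_out[2] = "1";
    argv_out[3] = target; argv_out[4] = NULL;
    return PING_OK;
}

int main(void)
{
    /* Constructed sample requests: {session_is_admin, target}. */
    const struct { int admin; const char *target; } reqs[] = {
        {1, "192.0.2.10"}, {0, "192.0.2.10"}, {1, "192.0.2.10; echo x"}, {1, "-f"} };
    const char *argv[5];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-20s admin=%d -> %d\n", reqs[i].target, reqs[i].admin,
               handle_ping_test(reqs[i].admin, reqs[i].target, argv));
}
```

The ordering matters: a handler that validates or executes before it checks the session reproduces the class of flaw described here even if the validation itself is sound.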

The security researchers disclosed their findings to D-Link on September 22. Within 24 hours the hardware vendor had confirmed the vulnerability, and three days later, D-Link said that as the products are at End of Life (EOL) support, no patch will be released. 

Given the age of these routers, it is not surprising that D-Link has chosen not to issue a fix. Our devices, and their firmware, all have an expiry date, and eventually support does end. Users of these routers should therefore consider replacing their aging products to mitigate the risk of exploitation.

However, not every security-related decision D-Link has ever made can necessarily be considered reasonable. 

In related news, D-Link recently agreed to a settlement with the US Federal Trade Commission (FTC) to lay to rest accusations of failing to tackle vulnerability reports and misrepresenting the security of its products. 

As part of the agreement, the vendor will create a new security program for routers and Internet-connected products, and will also submit to security audits for the next ten years. 

ZDNet has reached out to D-Link for comment and will update if we hear back.


Credit: Zdnet
