- Security researchers find critical flaws in modems reaching End of Life
- D-Link says it won’t patch them, and recommends upgrading the hardware
- There are some 60,000 vulnerable devices out there
Older D-Link routers are potentially vulnerable to more than one critical security issue which could allow threat actors to take over the devices. However, since they have reached end-of-life status (EoL), the company says it will not be releasing any patches, and advises users to replace the endpoints with newer models.
The news comes shortly after we reported that multiple D-Link NAS endpoints were found vulnerable to CVE-2024-10914, a command injection flaw with a 9.2 severity score. The company again said it wouldn’t be issuing a fix, since the affected devices have all reached EoL.
Now, security researcher Chaio-Lin Yu (Steven Meow) has found three bugs plaguing the D-Link DSL6740C modem. One, tracked as CVE-2024-11068, has a severity score of 9.8 and allows threat actors to change passwords through privileged API access. The other two, CVE-2024-11067 and CVE-2024-11066, are a path traversal flaw and a remote code execution (RCE) flaw, with scores of 7.5 and 7.2, respectively.
Tens of thousands of vulnerable endpoints
Roughly 60,000 vulnerable devices are currently connected to the internet, the majority of them located in Taiwan. The model isn’t even available in the US, BleepingComputer states, since it reached EoL almost a year ago. With that in mind, D-Link said it wouldn’t be addressing the flaw, and suggested “retiring and replacing D-Link devices that have reached EOL/EOS.”
The same model is also vulnerable to four additional high-severity command injection…
Read full post on Tech Radar