Latest D-Link vulnerabilities
Security researcher yali-1002 has disclosed several vulnerabilities in D-Link’s DIR-846W routers. These vulnerabilities allow the execution of arbitrary code via specially crafted requests.
CVE-2024-41622 is rated critical with a CVSS score of 9.8.
CVE-2024-44340 is rated high with a CVSS score of 8.8.
CVE-2024-44341 is rated critical with a CVSS score of 9.8.
CVE-2024-44342 is rated critical with a CVSS score of 9.8.
D-Link has acknowledged these vulnerabilities, but noted these devices are no longer supported. As such, no fixes will be released for these vulnerabilities.
What is the impact?
Successful exploitation of these vulnerabilities allows attackers to perform remote code execution (RCE) by sending special requests to vulnerable devices.
Are updates or workarounds available?
D-Link has indicated that the vulnerable systems stopped being supported in 2020 and no further updates will be released. Users are urged to replace vulnerable systems with supported systems.
How to find potentially vulnerable systems with runZero
From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:
mac_vendor:"D-Link"