Article Details
Scrape Timestamp (UTC): 2024-09-03 15:50:46.892
Original Article Text
Click to Toggle View
D-Link says it is not fixing four RCE flaws in DIR-846W routers. D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. The four RCE flaws, three of which are rated critical and do not require authentication, were discovered by security researcher yali-1002, who released minimal details in their GitHub repository. The researcher published the information on August 27, 2024, but has withheld the publication of proof-of-concept (PoC) exploits for now. The flaws are summarized as follows: Though D-Link acknowledged the security problems and their severity, it noted that they fall under its standard end-of-life/end-of-support policies, meaning there will be no security updates to address them. "As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease," reads D-Link's announcement. "D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it," adds the vendor further down in the bulletin. It is noted that DIR-846W routers were sold primarily outside the U.S., so the impact of the flaws should be minimal in the States, yet still significant globally. The model is still sold in some markets, including Latin America. Though DIR-846 reached the end of support in 2020, over four years ago, many people only replace their routers once they face hardware problems or practical limitations, so a lot of people could still use the devices. D-Link recommends that people still using the DIR-846 retire it immediately and replace it with a currently supported model. If that is impossible, the hardware vendor recommends that users ensure the device runs the latest firmware, use strong passwords for the web admin portal, and enable WiFi encryption. D-Link vulnerabilities are commonly exploited by malware botnets, such as Mirai and Moobot, to recruit devices into DDoS swarms. Threat actors have also recently exploited a D-Link DIR-859 router flaw to steal passwords and breach devices. Therefore, securing the routers before proof-of-concept exploits are released and abused in attacks is vital.
Daily Brief Summary
D-Link has announced it will not fix four critical remote code execution (RCE) flaws in all hardware and firmware versions of its DIR-846W router.
The decision is based on the company’s end-of-life and end-of-support policies, which halt firmware updates for products no longer supported.
Three of the four vulnerabilities are rated critical and can be exploited without authentication.
Although the DIR-846W routers are primarily sold outside the U.S., they are still available in markets like Latin America, posing a significant security risk globally.
Security researchers have withheld proofs of concept, but the vulnerabilities are public, increasing the risk of exploitation.
D-Link recommends users retire the affected routers immediately and upgrade to supported models to mitigate risks.
The company also suggests updating firmware, using strong passwords, and enabling WiFi encryption as interim protective measures.
Vulnerable routers like DIR-846W are targets for malware botnets, such as Mirai and Moobot, which can lead to larger cybersecurity incidents involving DDoS attacks and password theft.