Skip to main content

Bug Trio Affecting Eight D-Link Models Leads to Full Compromise

posted onOctober 18, 2018
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

Several router models from D-Link are vulnerable to three security bugs that could help an attacker get full control over them.

Taken separately, the vulnerabilities are a path traversal, securing passwords in plain text and shell command execution; but by chaining them together an attacker could run code of their own on the devices.

First on the list is the path traversal security gap, identified as CVE-2018-10822, which permits a remote attacker to read arbitrary files. This issue emerged because of an incorrect repair of a different bug reported last year. A flaw like this can get the attacker in the passwords folder, where the administrator credentials reside. This leads to the second vulnerability, passwords stored in plain text, tracked as CVE-2018-10824. Using the path traversal flaw one can access the password folder and check the configuration file containing the sensitive information.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th