Palo Alto Networks security researchers have discovered six new vulnerabilities with the D-Link wireless home router that allows attackers to launch remote attacks.
The vulnerabilities detected with the DIR-865L model of D-Link routers are mainly used in domestic environments. In the current situation where we work from home, these vulnerabilities can pose serious threats.
Researchers have absorbed six of these vulnerabilities with the latest firmware models. Combining vulnerabilities can pose significant risks.
The vulnerabilities live in the router’s web interface controller, an attacker with authentication or with an active session cookie may inject arbitrary code to be executed in administrative privileges.
Multiple router web interface web pages vulnerable to CSRF. Allows an attacker to sniff web traffic and access password-protected web interface pages.
Data transferred with the SharePort Web Access portal on port 8181 is not encrypted, allowing an attacker to determine the password.
The generation of session cookies is predictable; an attacker can decide the session cookie simply by knowing the user’s access time.
Login credentials are stored in plain text, an attacker must have physical access to steal passwords.
If the administrator selects WEP (Wired Equivalent Privacy) which was deprecated in 2004 for the guest wifi network, the passwords will be sent in clear text.
The combination of all these vulnerabilities allows attackers to execute arbitrary commands, exfiltrate data, load malware, delete data or steal user credentials, reads in the Paloalto blog post.
D-Link has corrected vulnerabilities with the router, users are advised to update with the latest firmware to correct the vulnerabilities.