Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
October 8, 2019 09:30 pm

D-Link Home Routers Open To Remote Takeover Will Remain Unpatched

D-Link won't patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. Threatpost reports: The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet's FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a "typical security pitfall suffered by many firmware manufacturers." With no patch available, affected users should upgrade their devices as soon as possible.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7AF8Q--6Syw/d-link-home-routers-open-to-remote-takeover-will-remain-unpatched

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot