An Interest In:
Web News this Week
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
October 8, 2019 09:30 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7AF8Q--6Syw/d-link-home-routers-open-to-remote-takeover-will-remain-unpatched
D-Link Home Routers Open To Remote Takeover Will Remain Unpatched
D-Link won't patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. Threatpost reports: The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet's FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a "typical security pitfall suffered by many firmware manufacturers." With no patch available, affected users should upgrade their devices as soon as possible.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7AF8Q--6Syw/d-link-home-routers-open-to-remote-takeover-will-remain-unpatched
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot