Attacks exploiting critical EOL D-Link router bug underway

BleepingComputer reports that all D-Link DIR-859 routers, which have reached end-of-life, are at risk of information disclosure, privilege escalation, and device takeover amid ongoing intrusions exploiting a critical path traversal vulnerability tracked as CVE-2024-0769.

Attacks against the vulnerable D-Link routers involve a public proof-of-concept exploit aimed at the "DHCPS6.BRIDGE-1.xml" file to expose other configuration files containing details for NAT, firewall settings, access control lists, device accounts, and diagnostics, according to a report from GreyNoise. However, other intrusions involving the flaw targeted the "DEVICE.ACCOUNT.xml" file to facilitate the dumping of all device-stored account credentials, user groups, and user descriptions, noted researchers.

"Any information disclosed from the device will remain valuable to attackers for the lifetime of the device as long as it remains internet facing," said GreyNoise.

Organizations with the impacted D-Link routers, which will no longer be patched against the issue, have been urged to immediately upgrade to newer supported devices.
