D-Link’s DIR-X4860 Vulnerable to Remote Command Execution with Zero-Day Exploit and Released PoC | Black Hat Ethical Hacking

D-Link’s DIR-X4860 Vulnerable to Remote Command Execution with Zero-Day Exploit and Released PoC

by | May 15, 2024 | News

D-Link's DIR-X4860 Vulnerable to Remote Command Execution with Zero-Day Exploit and Released PoC

Post Views: 219




Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon
Reading Time: 3 Minutes

Vulnerabilities discovered in D-Link’s flagship router, the EXO AX4800 (DIR-X4860) by the SSD Secure Disclosure team have exposed the device to remote unauthenticated command execution, potentially paving the way for complete takeover by malicious actors with access to the HNAP port.

Sporting impressive features such as OFDMA, MU-MIMO, and BSS Coloring, the D-Link DIR-X4860 router promises blazing speeds of up to 4800 Mbps. However, its popularity, particularly in Canada and the global market, now comes under scrutiny as security researchers unveil critical flaws in devices running the latest firmware version.

The disclosed vulnerabilities enable attackers to gain elevated privileges and execute commands as root, posing a severe risk to users’ network security. Despite multiple attempts to notify D-Link of these issues, including sharing detailed exploitation instructions, the flaws remain unaddressed, leaving users vulnerable to exploitation.

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses




Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Exploitation process

The exploitation process involves a series of steps, beginning with a specially crafted HNAP login request to the router’s management interface. By bypassing authentication mechanisms, attackers can gain authenticated access and exploit a command injection vulnerability, ultimately executing arbitrary commands within the router’s operating system.

Login request that bypasses the authentication stepLogin request that bypasses the authentication step
Source: SSD Secure Disclosure

Efforts to engage D-Link in resolving these security concerns have so far yielded no response. With the release of a security firmware update pending, users are advised to disable the device’s remote access management interface to mitigate the risk of exploitation.

Trending: Understanding the Advantages and Challenges of Zero Trust Security




Trending: Offensive Security Tool: 403jump

BleepingComputer has reached out to D-Link for comment on the matter and awaits a response. Until then, users of the DIR-X4860 are urged to remain vigilant and take necessary precautions to safeguard their networks against potential attacks.

Trending: TunnelVision: The New VPN Bypass Technique Exposing Users to Surveillance

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This