Network Security, Endpoint/Device Security

Attacks exploiting critical EOL D-Link router bug underway

Close-up of a WiFi router

BleepingComputer reports that all D-Link DIR-859 routers, which have reached end-of-life, are at risk of being compromised for information disclosure, privilege escalation, and device takeovers, amid ongoing intrusions leveraging the critical path traversal vulnerability, tracked as CVE-2024-0769.

Attacks against the vulnerable D-Link routers involve a public proof-of-concept exploit aimed at the "DHCPS6.BRIDGE-1.xml" file to expose other configuration files containing details for NAT, firewall settings, access control lists, device accounts, and diagnostics, according to a report from GreyNoise. However, other intrusions involving the flaw targeted the "DEVICE.ACCOUNT.xml" file to facilitate the dumping of all device-stored account credentials, user groups, and user descriptions, noted researchers.

"Any information disclosed from the device will remain valuable to attackers for the lifetime of the device as long as it remains internet facing," said GreyNoise.

Organizations with the impacted D-Link routers, which will no longer be patched against the issue, have been urged to immediately upgrade to newer supported devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.