Hackers May Redirect Your Internet Traffic through D-Link Router Bugs
Several vulnerabilities in the DIR-600 and DIR-300 routers from networking company D-Link may allow hackers to redirect Internet traffic and compromise users' devices, according to German security researcher Michael Messner. The holes are compounded by the lack of password hashing and by root passwords being saved in plain text.
The Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to easily change a password through malicious software, because the router does not ask for the password when it is changed. The OS Command Injection vulnerability allows hackers to compromise users' devices.
“The vulnerability is caused by missing access restrictions and missing input validation in the cmd parameter and can be exploited to inject and execute arbitrary shell commands,” Messner said in a blog post. “It is possible to start a telnetd to compromise the device.”
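The two gaps named in the quote, missing access restrictions and missing input validation on the cmd parameter, map to two checks in a request handler. The following is an added example, not code from D-Link, Messner or the original article; the request struct, the action names and the binary paths are assumptions made for illustration:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical request model for a router admin handler (assumption, not D-Link code). */
struct request {
    int authenticated;   /* 1 only after a valid admin session was verified */
    const char *cmd;     /* raw value of the cmd parameter, attacker-controlled */
};

/* Fixed argv vectors; a request can only select one of them by name. */
struct action {
    const char *name;
    const char *const argv[4];
};

static const struct action ALLOWED[] = {   /* names and paths are illustrative */
    { "uptime", { "/bin/uptime", NULL } },
    { "ifstat", { "/sbin/ifconfig", "br0", NULL } },
};

enum verdict { CMD_OK = 0, CMD_UNAUTHENTICATED = 401, CMD_REJECTED = 400 };

/*
 * The flaw class described above amounts to handing req->cmd to a shell,
 * e.g. system(req->cmd), for any caller. This version closes both gaps:
 * access restriction first, then exact-match allowlisting of the value.
 */
enum verdict resolve_cmd(const struct request *req, const char *const **argv_out)
{
    size_t i;

    *argv_out = NULL;
    if (req == NULL || !req->authenticated)
        return CMD_UNAUTHENTICATED;        /* missing access restriction fixed */
    if (req->cmd == NULL)
        return CMD_REJECTED;

    for (i = 0; i < sizeof(ALLOWED) / sizeof(ALLOWED[0]); i++) {
        if (strcmp(req->cmd, ALLOWED[i].name) == 0) {
            *argv_out = ALLOWED[i].argv;   /* pass to execv(), never to a shell */
            return CMD_OK;
        }
    }
    return CMD_REJECTED;                   /* anything else, metacharacters included */
}
```

Because the parameter only selects a predefined argv vector, no part of the request text ever reaches a command line.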
The H-Online also ran tests, discovered that many of the devices can even be accessed from the Internet, and managed to inject a harmless command into such a router. “A real attacker could randomly exploit systems, for example to divert a router’s entire internet traffic to a third-party server.”
According to Messner, D-Link said the issues are browser-related and that it will not provide a fix. The security expert informed the company in December of last year.