Tens of 1000’s of uncovered D-Hyperlink routers which have reached their end-of-life are susceptible to a essential security problem that enables an unauthenticated distant attacker to alter any consumer’s password and take full management of the system.
The vulnerability was found within the D-Hyperlink DSL6740C modem by security researcher Chaio-Lin Yu (Steven Meow), who reported it to Taiwan’s laptop and response middle (TWCERTCC).
It’s value noting that the system was not obtainable within the U.S. and reached end-of-service (EoS) section firstly of the yr.
In an advisory right now, D-Hyperlink introduced that it will not repair the problem and recommends “retiring and changing D-Hyperlink units which have reached EOL/EOS.”
Chaio-Lin Yu reported to TWCERTCC two different vulnerabilities, an OS command injection and a path traversal problem:
The three flaws points are summarized as follows:
- CVE-2024-11068: Flaw that enables unauthenticated attackers to change any consumer’s password via privileged API entry, granting them entry to the modem’s Net, SSH, and Telnet providers. (CVSS v3 rating: 9.8 “essential”).
- CVE-2024-11067: Path traversal vulnerability permitting unauthenticated attackers to learn arbitrary system recordsdata, retrieve the system’s MAC handle, and try login utilizing the default credentials. (CVSS v3 rating: 7.5 “excessive”)
- CVE-2024-11066: Bug enabling attackers with admin privileges to execute arbitrary instructions on the host working system via a selected net web page. (CVSS v3 rating: 7.2 “excessive”)
A fast search on the FOFA search engine for publicly uncovered units and software program exhibits that there are near 60,000 D-Hyperlink DSL6740C modems reachable over the web, most of them in Taiwan.
TWCERTCC has revealed advisories for 4 extra high-severity OS command injection vulnerabilities that affect the identical D-Hyperlink system. The bugs are tracked as CVE-2024-11062, CVE-2024-11063, CVE-2024-11064, and CVE-2024-11065.
Though the variety of susceptible units uncovered on the general public net is critical, D-Hyperlink has made it clear previously [1, 2] that end-of-life (EoL) units should not coated by updates, even when essential bugs are involved.
If customers cannot change the affected system with a variant that the seller nonetheless helps, they need to a minimum of prohibit distant entry and set safe entry passwords.