1.0 Introduction
D-Link has recently issued a security advisory addressing multiple critical vulnerabilities, including a Remote Code Execution (RCE) vulnerability, that affect several D-Link wireless router models.
2.0 Impact
These vulnerabilities, if exploited, could allow an attacker to gain remote access and control over affected D-Link routers. Attackers could execute arbitrary commands, steal sensitive information, manipulate network traffic, or take control of the router, leading to further attacks on connected devices within the network.
3.0 Affected system/product/version
- DIR-X5460 A1 firmware version v1.11B01_Hot-Fix and below
- DIR-X4860 A1 firmware version v1.04B04_Hot-Fix and below
- COVR-X1870 firmware version v1.02 and below
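An added example, not part of the original advisory: one way to check a device inventory against the affected versions listed above. The inventory rows are constructed, and treating a version that carries a build suffix as still within "v1.02 and below" is an assumption made so that ambiguous cases are flagged rather than passed.

```python
import re

# Last affected firmware per model, copied from section 3.0 of this advisory.
LAST_AFFECTED = {
    "DIR-X5460": "v1.11B01_Hot-Fix",
    "DIR-X4860": "v1.04B04_Hot-Fix",
    "COVR-X1870": "v1.02",
}
_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:B(\d+))?", re.IGNORECASE)

# Constructed inventory rows: (model, firmware string as reported by the device).
SAMPLE_INVENTORY = [
    ("DIR-X5460 A1", "v1.11B01_Hot-Fix"),
    ("DIR-X4860", "1.04B05"),
    ("COVR-X1870", "v1.02B03"),
    ("DIR-X5460", "unknown"),
    ("OTHER-ROUTER", "1.00"),
]


def parse_firmware(text):
    """Return (major, minor) or (major, minor, build); None if unparseable."""
    match = _VERSION.match(text.strip())
    if match is None:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def classify(model, firmware):
    """Return 'affected', 'not affected', 'not listed' or 'unknown'."""
    parts = model.split()
    key = parts[0].upper() if parts else ""  # drop a hardware revision such as "A1"
    if key not in LAST_AFFECTED:
        return "not listed"
    installed = parse_firmware(firmware)
    if installed is None:
        return "unknown"  # never report an unreadable version as safe
    limit = parse_firmware(LAST_AFFECTED[key])
    # Compare only as many fields as the advisory gives for this model, so a
    # build suffix on top of "v1.02" still counts as "v1.02 and below".
    if installed[:len(limit)] <= limit:
        return "affected"
    return "not affected"


if __name__ == "__main__":
    for model, firmware in SAMPLE_INVENTORY:
        print(f"{model:14} {firmware:18} {classify(model, firmware)}")
```

Rows reported as "unknown" need a manual check of the firmware version on the device itself.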
4.0 CVE Details
| CVE | Description | Severity |
| --- | --- | --- |
| CVE-2024-45694 | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 Critical |
| CVE-2024-45695 | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.0 High |
| CVE-2024-45696 | Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. | 8.8 High |
| CVE-2024-45697 | Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. | 9.8 High |
| CVE-2024-45698 | Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | 8.8 Critical |
5.0 Recommendations
CyberSecurity Malaysia advises users and administrators of affected D-Link wireless routers to update to the latest firmware version given below to mitigate the vulnerabilities. Users should apply the necessary updates as soon as possible.
Kindly refer to the URL given below:
Generally, we advise users to keep up to date with the latest security announcements from the vendor and to follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact the Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: https://www.mycert.org.my
6.0 References
- https://supportannouncement.us.dlink.com/
- https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
- https://securityaffairs.com/168471/security/d-link-rce-wireless-router-models.html
- https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
- https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html
- https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html
- https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
- https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
- https://support.dlink.com/resource/SECURITY_ADVISEMENTS/COVR-X1870/COVR-X1870_REVA1_HOTFIX_FIRMWARE_V1.03B01.zip
- https://support.dlink.com/resource/SECURITY_ADVISEMENTS/DIR-X4860/DIR-X4860_REVA1_HOTFIX_FIRMWARE_v1.04B05.zip
- https://support.dlink.com/resource/SECURITY_ADVISEMENTS/DIR-X5460/REVA/DIR-X5460_REVA1_HOTFIX_FIRMWARE_v1.11B04.zip