Digital Defense Discloses Zero-Day Vulnerabilities in D-Link VPN Routers

Work From Home Use of Popular VPN Routers Increases Immediacy of Critical Patch

Digital Defense announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware versions 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

These devices are commonly available on consumer websites/ecommerce sites such as Amazon, Best Buy, Office Depot and Walmart. Given the rise in work-from-home due to the pandemic, more employees may be connecting to corporate networks using one of the affected devices.

The vulnerable component of these devices is accessible without authentication. The vulnerability can be reached from both the WAN and LAN interfaces and could be exploited over the Internet.

Consequently, a remote, unauthenticated attacker with access to the router’s web interface could execute arbitrary commands as root, effectively gaining complete control of the router. With this access, an attacker could intercept and/or modify traffic, cause denial of service conditions and launch further attacks on other assets. D-Link routers can connect up to 15 other devices simultaneously.

“Our standard practice is to work in tandem with organizations on a coordinated disclosure effort to facilitate a prompt resolution to a vulnerability. The Digital Defense VRT reached out to D-Link who worked diligently on a patch. We will continue outreach to customers ensuring they are aware and able to take action to mitigate any potential risk introduced by the vulnerability,” states Mike Cotton, senior vice president of engineering at Digital Defense.

D-Link is a global leader in designing and developing networking and connectivity products for consumers, small businesses, medium to large-sized enterprises and service providers. Since 1986, the company has grown into an award-winning global brand with over 2,000 employees in 60 countries. D-Link’s line of VPN routers enables remote workers to connect securely to company resources.

What You Can Do

D-Link’s recent advisory provides more details about the updates that have been released, which should be applied: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195.

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and assists, where possible, with the vendor’s remediation actions.

To view Digital Defense’s zero-day advisories to date, please visit: https://www.digitaldefense.com/vulnerability-research-team/vulnerability-research/.

Serving clients across numerous industries, Digital Defense’s innovative and leading-edge technology helps organizations safeguard sensitive data and ease the burdens associated with information security.

Source: digitaldefense.com