Unpatchable D-Link DIR-859 Router Flaw Puts Passwords at Risk of Theft 


A recently discovered vulnerability in D-Link DIR-859 WiFi routers is causing significant concern among cybersecurity experts. This flaw, identified as CVE-2024-0769, allows hackers to compromise user passwords and gain control of the device. 

Despite the discontinuation of the D-Link DIR-859, the persistence of this unpatchable issue poses a continuing threat to users. Read on to learn more about it and what you can do to keep your sensitive data safe!

Discovered in January, the path traversal flaw has received a severity score of 9.8. The vulnerability is found in the “fatlady.php” file and affects all firmware versions of the router. It enables attackers not only to view session data but also to escalate privileges and potentially gain complete control over the affected routers via the admin panel.

Given that the D-Link DIR-859 is an end-of-life product, the manufacturer will not release any patches to correct this vulnerability. Therefore, D-Link has advised users to replace their current devices with ones that receive regular security updates.

Current Exploits and Security Implications

GreyNoise, a threat monitoring platform, has observed active exploitation of this vulnerability. The attackers send a malicious POST request to ‘/hedwig.cgi’, which exploits CVE-2024-0769 to gain access to sensitive files such as ‘getcfg’ within the router’s configuration.

Malicious POST request (Source: GreyNoise)

The primary target appears to be the ‘DEVICE.ACCOUNT.xml’ file, where attackers extract usernames, passwords, and user group information, indicating a clear intent to take over the devices. “It is unclear at this time what the intended use of this disclosed information is, it should be noted that these devices will never receive a patch,” said GreyNoise.

Potential Targets and Preventive Measures

The attacks do not stop at just one file; the ‘DHCPS6.BRIDGE-1.xml’ file and others like ‘ACL.xml.php’ and ‘ROUTE.STATIC.xml.php’ are also at risk. These files contain critical configurations for access control lists, NAT settings, firewall configurations, and more.

To stay protected, users have no other option but to replace their D-Link DIR-859 routers with supported models. Moreover, they should stay informed about potential threats that could exploit similar vulnerabilities.
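Until a replacement is in place, requests matching the pattern GreyNoise describes can be flagged from traffic captured in front of the router. The following is an added example, not code from GreyNoise or D-Link; it assumes a sensor that writes one JSON event per line with hypothetical `src`, `method`, `path` and `body` fields, and the sample events are constructed.

```python
import json
import re
from urllib.parse import unquote

# Indicators named in the article: the CGI endpoint and the files being read.
TARGET_PATH = "/hedwig.cgi"
SENSITIVE_NAMES = ("DEVICE.ACCOUNT.xml", "DHCPS6.BRIDGE-1.xml",
                   "ACL.xml.php", "ROUTE.STATIC.xml.php")
TRAVERSAL = re.compile(r"\.\.[/\\]")

def classify(event):
    """Return the reasons an event matches the reported pattern ([] if none)."""
    path = str(event.get("path") or "").split("?", 1)[0].lower()
    if str(event.get("method") or "").upper() != "POST" or not path.endswith(TARGET_PATH):
        return []
    # Decode twice so single- and double-URL-encoded "../" are both normalised.
    body = unquote(unquote(str(event.get("body") or ""))).lower()
    reasons = []
    if TRAVERSAL.search(body):
        reasons.append("path traversal sequence in body")
    if "getcfg" in body:
        reasons.append("references getcfg")
    reasons += [f"requests {n}" for n in SENSITIVE_NAMES if n.lower() in body]
    return reasons

def scan(lines):
    """Yield (source, reasons) per flagged JSON-lines event; skip unparsable lines."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        reasons = classify(event) if isinstance(event, dict) else []
        if reasons:
            yield event.get("src", "?"), reasons

# Constructed sample events: documentation-range IPs, placeholder bodies.
SAMPLE = [
    '{"src": "203.0.113.7", "method": "POST", "path": "/hedwig.cgi", '
    '"body": "<x>../../getcfg/DEVICE.ACCOUNT.xml</x>"}',
    '{"src": "198.51.100.9", "method": "POST", "path": "/hedwig.cgi", '
    '"body": "%2e%2e%2fgetcfg%2fACL.xml.php"}',
    '{"src": "192.0.2.10", "method": "POST", "path": "/hedwig.cgi", '
    '"body": "<x>constructed-benign-setting</x>"}',
    '{"src": "192.0.2.11", "method": "GET", "path": "/index.php", "body": ""}',
    "not json",
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "->", "; ".join(reasons))
```

A POST to ‘/hedwig.cgi’ with none of the indicators is left unflagged, since the check keys on the traversal sequence and the file names rather than on the endpoint alone.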

Author: Anas Hasan

Date: July 1, 2024

Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
