D-Link has recently addressed critical vulnerabilities in three widely-used wireless router models, which could allow remote attackers to execute arbitrary code or gain unauthorized access using hardcoded credentials.

The affected models are popular among consumers, particularly those seeking high-performance Wi-Fi 6 routers (DIR-X series) and mesh networking systems (COVR series). These routers are frequently found in home and small office setups, making them high-profile targets for potential cyber threats.

Affected Models and Firmware Versions

The vulnerabilities affect the following firmware versions:

  • COVR-X1870 (non-US): Firmware versions v1.02 and earlier
  • DIR-X4860 (worldwide): Firmware versions v1.04B04_Hot-Fix and older
  • DIR-X5460 (worldwide): Firmware versions v1.11B01_Hot-Fix and earlier

Key Vulnerabilities

D-Link’s security bulletin highlights five vulnerabilities, three of which are rated critical. Below are the details of each flaw:

  1. CVE-2024-45694 (9.8 Critical): A stack-based buffer overflow that allows remote, unauthenticated attackers to execute arbitrary code on the device.
  2. CVE-2024-45695 (9.8 Critical): Another stack-based buffer overflow that provides a similar exploit path for attackers to execute code remotely.
  3. CVE-2024-45696 (8.8 High): Attackers can enable the telnet service using hardcoded credentials, allowing unauthorized access within the local network.
  4. CVE-2024-45697 (9.8 Critical): The telnet service is automatically activated when the WAN port is plugged in, exposing the device to remote access through hardcoded credentials.
  5. CVE-2024-45698 (8.8 High): A flaw in the input validation of the telnet service permits attackers to log in and execute OS-level commands using hardcoded credentials.

Fixes and Recommendations

To address these vulnerabilities, D-Link advises customers to update their router firmware to the following versions:

  • COVR-X1870: v1.03B01
  • DIR-X4860: v1.04B05
  • DIR-X5460: DIR-X5460A1_V1.11B04

These firmware updates close the security gaps and prevent remote exploitation.

Disclosure Timeline and Manufacturer Response

D-Link discovered these flaws through the Taiwanese CERT (TWCERT) on June 24, 2024. However, the company was not given the typical 90-day period to develop patches before the vulnerabilities were publicly disclosed by third-party researchers. In its security bulletin, D-Link expressed concerns over this early disclosure, noting that such actions expose users to additional risks before patches can be officially released.

“When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches,” D-Link stated. “The third-party publicly disclosed the problem before the patches were available on our standard 90-day security patch release schedule. We do not recommend that security researchers act in this manner, as they expose end-users to further risks without patches being available from the manufacturer.”

No Exploitation Detected Yet, But Action Is Crucial

At the time of writing, D-Link has not reported any in-the-wild exploitation of these vulnerabilities. However, given that D-Link devices are often targeted by malware botnets, it is crucial for users to update their firmware immediately to avoid any potential security breaches.

For further details or assistance, users are encouraged to visit D-Link’s official support page and follow the guidance for securing their devices.

Shares: