Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
The telnet service on vulnerable D-Link routers does not properly verify user input data. Hardcoded access credentials are embedded in the device firmware, which an attacker can use to log in to the telnet service without any authorization. After gaining access, it is possible to inject arbitrary operating system (OS) commands, which are then executed directly on the device.
An attacker can gain full control over the device — read and modify configuration, intercept network traffic, and potentially use the router as an entry point to the local network. Confidentiality, integrity, and availability of the system are compromised at the highest level.
Apply patches available from the manufacturer in accordance with references. It is also recommended to block access to the telnet service at the firewall level and isolate the management interface from the public network until updates are deployed.
Selected D-Link wireless router models from the DIR-X4860 line (specific firmware versions indicated in manufacturer references / TWCERT)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir X4860
HWDlinka1Dlink Dir X4860 Firmware
OSDlink1.001.04
Related vulnerabilities
Stack-based Buffer Overflow w routerach D-Link DIR-X5460 umożliwiający RCE
Stack-based Buffer Overflow w routerach D-Link DIR-X4860 umożliwiający RCE
D-Link DIR-X4860 — ukryta usługa telnet z zakodowanymi danymi logowania
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web...
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)