1. Forum
  2. tqw
  3. TQW GENTECH

  • D-Link says it won't patch 60,000 older modems, as they're not wo

    From TechnologyDaily@1337:1/100 to All on Wednesday, November 13, 2024 15:15:05
    D-Link says it won't patch 60,000 older modems, as they're not worth saving

    Date:
    Wed, 13 Nov 2024 15:04:00 +0000

    Description:
    The D-Link modems are carrying critical flaws that allow for device takeover.

    FULL STORY ======================================================================Security
    researchers find critical flaws in modems reaching End of Life D-Link says
    it won't patch them, and recommends upgrading the hardware There are some 60,000 vulnerable devices out there

    Older D-Link routers are potentially vulnerable to more than one critical security issue which could allow threat actors to take over the devices. However, since they have reached end-of-life status (EoL), the company says
    it will not be releasing any patches, and advises users to replace the endpoints with newer models.

    The news comes shortly after we reported multiple D-Link NAS endpoints were found vulnerable to CVE-2024-10914, a command injection flaw with a 9.2 severity score - however the company again said it wouldnt be issuing a fix, since the affected devices have all reached EoL.

    Now, security researcher Chaio-Lin Yu (Steven Meow) found three bugs plaguing the D-Link DSL6740C modem. One is tracked as CVE-2024-11068, has a severity score of 9.8, and allows threat actors to change passwords through privileged API access. The other two are CVE-2024-11067, and CVE-2024-11066, and are a path traversal flaw and a remote code execution (RCE) flaw, with 7.5 and 7.2 scores, respectively. Tens of thousands of vulnerable endpoints

    Roughly 60,000 vulnerable devices are currently connected to the internet,
    the majority being located in Taiwan. The model isnt even available in the
    US, BleepingComputer states, since it reached EoL almost a year ago. With
    that in mind, D-Link said it wouldnt be addressing the flaw, and suggests "retiring and replacing D-Link devices that have reached EOL/EOS."

    The same model is also vulnerable to four additional high-severity command injection flaws, the publication states, citing information from the
    Taiwanese computer and response center (TWCERTCC). These flaws are tracked as CVE-2024-11062, CVE-2024-11063, CVE-2024-11064, and CVE-2024-11065.

    Users who are unable to replace their routers at the moment are advised to at least restrict remote access, and set secure access passwords, to minimize
    the chance of compromise. This would be a wise move since routers are one of the most targeted endpoints out there. You might also like D-Link routers are being hacked to steal customer passwords but it says there is no patch
    Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/d-link-says-it-wont-patch-60-000-older- modems-as-theyre-not-worth-saving


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)