Security researchers warn of currently increased attacks on older and current critical security gaps in routers from D-Link.
For security reasons, anyone who owns a D-Link router should ensure that the firmware is up to date. If this does not happen, attackers could target vulnerabilities in the software and, in the worst case, gain full control over devices.
Dangerous vulnerabilities
Security researchers from Unit 42 (Palo Alto Networks) warn that attackers are exploiting a total of four vulnerabilities from 2015, 2018 and 2022 to attack devices. The gaps are as “critical“. If attacks are successful, the execution of malicious code should be possible, which leads to the router being completely compromised.
With the current vulnerabilities (CVE-2022-26258, CVE-2022-28958), this is said to be the case due to insufficient checks by certain HTTP requests. If attacks are successful, the attackers should integrate the devices into the MooBot botnet. The routers are then misused for DDoS attacks.
Update or discard
The security researchers state that there are now patches that close the gaps. However, they do not name any specific versions in their contribution. There is no information about the vulnerabilities in the security section of the D-Link website. It is also not known which models are affected. As a result, owners of D-Link routers should check the firmware for updates. Older devices that are no longer supported should no longer be used.
In their article, the researchers list indicators (indicators of compromise) that indicate whether attackers are or were already active on a router.
