Exploitation of Vulnerability in EOL D-Link DIR-859 Routers

In a recent discovery, D-Link DIR-859 WiFi routers have been found to contain a critical path traversal vulnerability that poses a risk of information disclosure. This vulnerability, known as CVE-2024-0769, impacts all hardware versions and firmware iterations of the DIR-859 router model.

The DIR-859, which has officially reached its end-of-life status, will no longer receive updates or patches from D-Link. This lack of ongoing support leaves users vulnerable to potential security breaches and data leaks.

Security experts from GreyNoise, a reputable security firm, have identified the vulnerability within the /htdocs/cgibin directory of the DIR-859 router. By exploiting this vulnerability through a specially crafted HTTP POST request sent to the router’s web interface, attackers can bypass security protocols and access sensitive user information stored in configuration files.

The exploit allows unauthorized parties to retrieve the DEVICE.ACCOUNT.xml file, which contains crucial data such as usernames, passwords, group details, and user descriptions. This breach of information poses a significant threat to the confidentiality and privacy of DIR-859 users.

To address this security issue, D-Link strongly advises users of DIR-859 routers to discontinue the use of these devices and replace them with newer, supported models. Continuing to operate end-of-life products like the DIR-859 exposes users to potential risks and compromises their network security.

The implications of this vulnerability are far-reaching and pose long-term challenges for affected users:
– The lack of official patches for end-of-life products leaves users permanently vulnerable to exploitation.
– Sensitive information exposed by the vulnerability remains a valuable target for attackers throughout the device’s lifespan.
– The possibility of combining this vulnerability with other unknown weaknesses could lead to complete control over compromised devices.

For users in the United States who are unable to replace their routers immediately, it is crucial to implement additional security measures. These include disabling remote management features, using strong and unique passwords, monitoring router logs for suspicious activity, and considering the use of a VPN for enhanced security.
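As an added example (not from D-Link or GreyNoise), the log monitoring mentioned above could flag POST requests that combine a path-traversal sequence with a reference to DEVICE.ACCOUNT.xml. It assumes an upstream proxy or sensor writes JSON-lines records with hypothetical `src`, `method`, `path` and `body` fields; the endpoint and parameter names in the sample are constructed placeholders.

```python
import json
import re
from urllib.parse import unquote

# Config file named in the article; matched case-insensitively.
SENSITIVE_FILE = "device.account.xml"
TRAVERSAL = re.compile(r"\.\.[/\\]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(record):
    """Return the reasons a request looks like a probe for this flaw."""
    if not isinstance(record, dict) or str(record.get("method", "")).upper() != "POST":
        return []
    text = fully_decode(f'{record.get("path", "")}\n{record.get("body", "")}')
    reasons = []
    if TRAVERSAL.search(text):
        reasons.append("path-traversal sequence")
    if SENSITIVE_FILE in text.lower():
        reasons.append("references DEVICE.ACCOUNT.xml")
    return reasons

def scan(lines):
    """Yield (source_ip, reasons) for each suspicious JSON log line."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        reasons = classify(record)
        if reasons:
            yield record.get("src", "unknown"), reasons

# Constructed sample records: documentation IPs, placeholder endpoint/parameter.
SAMPLE_LOG = [
    '{"src": "192.0.2.10", "method": "GET", "path": "/index.html", "body": ""}',
    '{"src": "198.51.100.7", "method": "POST", "path": "/placeholder.cgi", "body": "param=..%2F..%2FDEVICE.ACCOUNT.xml"}',
    '{"src": "203.0.113.5", "method": "POST", "path": "/placeholder.cgi", "body": "param=%252e%252e%252fDEVICE.ACCOUNT.xml"}',
    '{"src": "192.0.2.44", "method": "POST", "path": "/login", "body": "user=admin"}',
    'not json',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

Any hit from an external address on a DIR-859 means the stored credentials should be treated as exposed and changed on every service where they are reused.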

D-Link’s official security advisory emphasizes the importance of retiring the DIR-859 router to mitigate potential risks to connected devices. Users who opt to continue using these vulnerable devices must ensure they have the latest firmware updates, regularly change their device passwords, and enable WiFi encryption with unique credentials.

While the motive behind accessing the disclosed router information remains unclear, researchers highlight the continuous value of this data to attackers as long as the devices remain connected to the internet. This underscores the importance of prompt action and proactive security measures to safeguard against potential breaches and data compromises.
