- Unpatched D-Link Router Vulnerabilities Disclosed
A researcher has disclosed the details of several unpatched vulnerabilities affecting D-Link DIR-850L routers and mydlink cloud services. The expert discovered in mid-June that both revisions A and B of the DIR-850L firmware lack proper protection. The former allows an attacker to easily forge a firmware image, while the latter is protected with a hardcoded password. He also found several cross-site scripting (XSS) vulnerabilities that can be exploited to steal authentication cookies from logged-in users. Hackers could also exploit various flaws to change a router’s DNS settings and forward the victim’s traffic to a malicious server, because some services to enter a denial-of-service (DoS) condition, and execute arbitrary commands as root via the DHCP client.
Cyber security Tips: Company had patched three vulnerabilities and other are as part of a hacking competition called Hack2Win, users are strongly recommended that apply patches as soon as possible.