Digital security specialists at Trustwave (SpiderLabs) have once again found “numerous security vulnerabilities” in one of D-Link’s home broadband routers, specifically the DSL-2888A, which could allow a malicious WiFi or local network user to gain unauthorised access to the device.
In short, the company made five main discoveries: insufficient authentication (CVE-2020-24579), information leakage (CVE-2020-24577), FTP misconfiguration (CVE-2020-24578), hidden functionality (CVE-2020-24581), and improper authentication (CVE-2020-24580). All told, this means that a hacker, entering via the WiFi or local wired network, could gain unauthorised access to the router’s web interface, obtain the router password hash, gain plaintext credentials, and execute system commands on the router. Not ideal.
The good news is that, on 30th October 2020, D-Link published a support announcement and released new firmware to patch the vulnerabilities that Harold Zang, Technical Security Specialist at Trustwave, had identified on its DSL-2888A router. Luckily, this model is no longer widely available and is more common in Australia, but some people in the UK do use it. If you’re one of those, then get patching.