Trustwave Find Security Holes in D-Link’s DSL-2888A Router
Digital security specialists at Trustwave (SpiderLabs) have once again found “numerous security vulnerabilities” in one of D-Link’s home broadband routers, specifically the DSL-2888A, which could allow a malicious WiFi or local network user to gain unauthorised access to the device.
In short, the company made five main discoveries: insufficient authentication (CVE-2020-24579), information leakage (CVE-2020-24577), FTP misconfiguration (CVE-2020-24578), hidden functionality (CVE-2020-24581), and improper authentication (CVE-2020-24580). All told this means that a hacker, entering via the WiFi or local wired network, could gain unauthorised access to the router’s web interface, obtain the router password hash, gain plaintext credentials, and execute system commands on the router. Not ideal.
The good news is that, on the 30th October 2020, D-Link published a support announcement and released a new firmware to patch the vulnerabilities that Harold Zang, Technical Security Specialist at Trustwave, had identified on their DSL-2888A router. Luckily this model is no longer widely available and is more common in Australia, but some people in the UK do use it. If you’re one of those, then get patching.
Advertisement
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« EE’s 4G Mobile Network Covers 94% of All Great Britain’s Roads
Openreach Hire 5,300 Extra UK Fibre Engineers and Go Full EV »
Comments are closed