Home
 » ISP News » 
Sponsored

Trustwave Find Security Holes in D-Link’s DSL-2888A Router

Thursday, December 17th, 2020 (2:00 pm) - Score 552
d-link-DSL-2888A

Digital security specialists at Trustwave (SpiderLabs) have once again found “numerous security vulnerabilities” in one of D-Link’s home broadband routers, specifically the DSL-2888A, which could allow a malicious WiFi or local network user to gain unauthorised access to the device.

In short, the company made five main discoveries: insufficient authentication (CVE-2020-24579), information leakage (CVE-2020-24577), FTP misconfiguration (CVE-2020-24578), hidden functionality (CVE-2020-24581), and improper authentication (CVE-2020-24580). All told this means that a hacker, entering via the WiFi or local wired network, could gain unauthorised access to the router’s web interface, obtain the router password hash, gain plaintext credentials, and execute system commands on the router. Not ideal.

The good news is that, on the 30th October 2020, D-Link published a support announcement and released a new firmware to patch the vulnerabilities that Harold Zang, Technical Security Specialist at Trustwave, had identified on their DSL-2888A router. Luckily this model is no longer widely available and is more common in Australia, but some people in the UK do use it. If you’re one of those, then get patching.

Leave a Comment
0 Responses

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £15.00 (*25.00)
    Speed 50Mbps, Unlimited
    Gift: None
  • Vodafone £19.50 (*22.50)
    Speed 35Mbps, Unlimited
    Gift: None
  • NOW £20.00 (*32.00)
    Speed 36Mbps, Unlimited
    Gift: None
  • Shell Energy £21.99 (*30.99)
    Speed 35Mbps, Unlimited
    Gift: None
  • Plusnet £22.99 (*38.20)
    Speed 36Mbps, Unlimited
    Gift: £65 Reward Card
Large Availability | View All
Cheapest Ultrafast ISPs
  • Hyperoptic £20.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: None
  • Vodafone £24.00 (*27.00)
    Speed: 100Mbps, Unlimited
    Gift: None
  • Community Fibre £25.00 (*29.50)
    Speed: 300Mbps, Unlimited
    Gift: None
  • Gigaclear £26.00 (*54.00)
    Speed: 400Mbps, Unlimited
    Gift: None
  • Virgin Media £27.00 (*51.00)
    Speed: 108Mbps, Unlimited
    Gift: None
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (3498)
  2. BT (3008)
  3. Politics (1923)
  4. Building Digital UK (1917)
  5. FTTC (1882)
  6. Openreach (1821)
  7. Business (1675)
  8. Mobile Broadband (1468)
  9. Statistics (1405)
  10. FTTH (1364)
  11. 4G (1270)
  12. Fibre Optic (1165)
  13. Virgin Media (1159)
  14. Wireless Internet (1151)
  15. Ofcom Regulation (1139)
  16. Vodafone (836)
  17. EE (830)
  18. TalkTalk (760)
  19. 5G (760)
  20. Sky Broadband (744)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact