D-Link EXO AX4800 Routers: A Zero-Day Exploit Unveiled. Here is what we know.


A new cybersecurity concern has surfaced. The D-Link EXO AX4800 (DIR-X4860) router, a high-performance Wi-Fi 6 device, is vulnerable to a remote command execution (RCE) zero-day exploit.


The Discovery

The SSD Secure Disclosure team of researchers discovered this vulnerability. They found that the router could be compromised by attackers who gain access to the Home Network Administration Protocol (HNAP) port.

In most cases, accessing the HNAP port on the D-Link DIR-X4860 router is relatively straightforward, as it is usually the HTTP (port 80) or HTTPS (port 443) port exposed through the router’s remote management interface.

The Exploit in D-Link EXO AX4800 Routers

The proof-of-concept (PoC) exploit for this RCE zero-day flaw is now publicly available. The exploitation process involves a series of steps, beginning with a specially crafted HNAP login request to the router’s management interface. By bypassing authentication mechanisms, attackers can gain authenticated access and exploit a command injection vulnerability. This allows them to execute arbitrary commands within the router’s operating system.

The Implications

This vulnerability poses a severe risk to users’ network security. Attackers can potentially take complete control of the device. Despite multiple attempts to notify D-Link of these issues, including sharing detailed exploitation instructions, the flaws remain unaddressed. More details can be found here.

The Mitigation of D-Link EXO AX4800 Routers vulnerability

While waiting for a security firmware update, users are advised to disable the device’s remote access management interface to mitigate the risk of exploitation. This precaution can help safeguard their networks against potential attacks.
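To confirm the mitigation took effect, the following added example (not from the article or from D-Link) checks whether a router you own still answers HNAP requests on ports 80 and 443. It assumes the device serves HNAP at the standard `/HNAP1/` path and answers a plain GET with a SOAP device description, as HNAP devices commonly do; the function names and the `192.0.2.1` placeholder address are illustrative.

```python
"""Report whether a router's HNAP endpoint is reachable on its management ports."""
import http.client
import ssl
import sys

HNAP_PATH = "/HNAP1/"               # standard HNAP endpoint path (assumed for this model)
PORTS = ((80, False), (443, True))  # HTTP and HTTPS, the ports named in the article


def looks_like_hnap(status, body):
    """Heuristic: an HNAP service answers GET with a SOAP document naming HNAP1."""
    text = body.lower()
    return status == 200 and ("hnap1" in text or "getdevicesettings" in text)


def probe(host, port, use_tls, timeout=5.0):
    """Return 'hnap', 'open' (answers, but not recognisably HNAP) or 'unreachable'."""
    try:
        if use_tls:
            # Routers ship self-signed certificates; only reachability is tested here.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", HNAP_PATH)
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", "replace")
        conn.close()
    except ssl.SSLError:
        return "open"          # port accepted the connection but TLS negotiation failed
    except (OSError, http.client.HTTPException):
        return "unreachable"   # refused, filtered or timed out
    return "hnap" if looks_like_hnap(resp.status, body) else "open"


def audit(host, ports=PORTS):
    """Map each (port, tls) pair to its probe result."""
    return {port: probe(host, port, tls) for port, tls in ports}


if __name__ == "__main__":
    # Placeholder address (TEST-NET-1); pass your own router's WAN address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    for port, result in audit(target).items():
        print(f"{target}:{port} -> {result}")
```

Run it from a network outside the router, such as a mobile hotspot, against your own WAN address: with remote management disabled both ports should report `unreachable`, while `hnap` or `open` means the management interface is still exposed.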

In conclusion, the release of the PoC exploit for the RCE zero-day flaw in D-Link EXO AX4800 routers serves as a reminder of the importance of robust cybersecurity measures. Users of the DIR-X4860 are urged to remain vigilant and take necessary precautions to protect their networks.

