Security researchers have discovered a critical vulnerability that affects D-Link DIR-859 Wi-Fi routers. This vulnerability, which is currently being exploited by hackers, can expose user credentials and provide remote access to a user’s local network. D-Link won’t patch the problem and suggests that customers buy a new router.
The vulnerability, tracked as CVE-2024-0769, carries a severity score of 9.8 and affects all D-Link DIR-859 routers (regardless of their current firmware version).
Hackers can exploit the CVE to target the ‘DEVICE.ACCOUNT.xml’ file and obtain sensitive information, such as the device’s password. Configuration files associated with access control lists (ACLs) and device firewall settings may also be targeted.
“The exploit’s variations, including one observed in the wild by GreyNoise, enable the extraction of account details from the device. The product is End-of-Life, so it won’t be patched, posing long-term exploitation risks. Multiple XML files can be invoked using the vulnerability.” – GreyNoise
Researchers first identified CVE-2024-0769 in January of 2024. Security monitoring group GreyNoise has since observed an attempt to exploit the vulnerability in the wild. While “an” attack isn’t too scary, this CVE has been disclosed for a while, so previous attacks may have simply gone undetected. (And, in any case, future attacks are certain.)
The D-Link DIR-859 launched in 2015 and was discontinued on December 10th, 2020. It’s an extremely outdated router, so poor security doesn’t come as much of a surprise. D-Link has published a security advisory to raise awareness of the issue, but it refuses to provide a patch, which is also unsurprising.
For those wondering, D-Link doesn’t appear to be offering discounts or coupons to affected customers.
Those who currently use the D-Link DIR-859 Wi-Fi router should replace it with a new router. Thankfully, the DIR-859 was an entry-level router with limited speeds and specs—any cheap replacement will be an upgrade in terms of speed, reliability, and security. If you’re on a budget, I suggest the ASUS RT-AX1800S. It offers Wi-Fi 6 connectivity, five Gigabit LAN ports, and dual-band MU-MIMO functionality (which was a notable omission from the D-Link DIR-859 at the time of its release).
Whatever router you choose, be sure to set it up with a brand new username and password. The username and password associated with your D-Link DIR-859 router may have been compromised.
Source: GreyNoise via TechRadar
