A few vulnerabilities have been discovered in wireless routers manufactured by Zyxel, D-Link, and Netgear, which allow remote access to the devices without authentication.
Vulnerabilities by vendor:
- Zyxel routers were found to contain accounts with predefined passwords that grant access to the device. The vulnerabilities (CVE-2024-40890, CVE-2024-40891) allow system command injection via specially crafted POST requests to the web interface or via Telnet operations. Although Telnet access is limited, a full shell with root privileges can be reached using specific commands. This combination of vulnerabilities has already been exploited for malicious activity, including the installation of malware such as Mirai.
- The D-Link DSL-3788 series routers were found to have a vulnerability (CVE-2024-57440) that allows unauthorized access to the device. Sending a request with an excessively large Sessionid field to the WebProc CGI script triggers a buffer overflow that can lead to unauthorized code execution. D-Link has issued a firmware update
The affected Zyxel device models include VMG1312-B10*, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500. Zyxel has stated that they will not release a firmware update to address these issues as the maintenance period for these devices has expired.
Using services like FOFA and Censys, researchers have identified around 1,500 vulnerable devices that accept Telnet requests from external networks.
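The D-Link issue above is an unbounded copy of a request field into a fixed buffer. The following is an added example, not D-Link's firmware code, of how a CGI handler can measure and validate a session identifier before copying it. The helper name `extract_sessionid`, the `sessionid=` cookie-style encoding, the alphanumeric character set and the 32-byte limit are all assumptions, since the page does not give them.

```c
#include <stddef.h>
#include <string.h>

#define SESSIONID_MAX 32  /* assumed limit; the real buffer size is not on the page */

/* Hypothetical helper: copy the value of "sessionid=" from a cookie-style
 * string into out (capacity out_len, including the terminator).
 * Returns the value length, -1 if the field is absent, or -2 if the value
 * is empty, too long, or contains bytes outside [0-9A-Za-z].
 * On failure out holds an empty string. */
int extract_sessionid(const char *fields, char *out, size_t out_len)
{
    static const char key[] = "sessionid=";
    const size_t klen = sizeof(key) - 1;
    const char *p = fields;

    if (out_len == 0) return -2;
    out[0] = '\0';

    /* Match the key only at the start of a field, not inside another name. */
    while ((p = strstr(p, key)) != NULL) {
        if (p == fields || p[-1] == ';' || p[-1] == ' ')
            break;
        p += klen;
    }
    if (p == NULL) return -1;
    p += klen;

    /* Measure first: the length check runs before a single byte is copied. */
    size_t n = strcspn(p, ";");
    if (n == 0 || n > SESSIONID_MAX || n >= out_len)
        return -2;
    for (size_t i = 0; i < n; i++) {
        char c = p[i];
        int ok = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
                 (c >= 'A' && c <= 'Z');
        if (!ok) return -2;
    }
    memcpy(out, p, n);
    out[n] = '\0';
    return (int)n;
}
```

Rejecting the request outright, rather than truncating the value, also leaves a clear signal to log when an oversized field arrives.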