D-Link has issued a warning to its customers regarding the discovery of four vulnerabilities in the routers of the DIR-846W model. These vulnerabilities, including three critical ones, allow for Remote Code Execution (RCE) and impact all versions of the equipment and firmware. However, D-Link will not be releasing any fixes as the product is no longer supported.
The vulnerabilities were identified by Safety Researcher Yali-1002, who provided limited details on their GitHub page. While the information was made public on August 27, 2024, there have been no Proof of Concept (POC) exploits released so far.
The identified vulnerabilities include:
- CVE-2024-41622 – RCE vulnerability through the Tomography_ping_Address parameter/Hnap1/ (CVSS V3: 9.8).
- CVE-2024-44340 – RCE vulnerability through the parameters of Smartqos_Express_Devices and Smartqos_normal_devices in the Setsmartqsettings function (CVSS V3: 8.8 due to authentication requirement).
- CVE-2024-44341 – RCE vulnerability through the Lan parameter (0) _DHCPS_STATICLIST, exploit possible through a specially formed post-request (CVSS V3: 9.8).
- CVE-2024-44342 – RCE vulnerability through the WL parameter (0) _SSID (CVSS V3: 9.8).
D-Link has acknowledged the security issues but stated that they fall under the End of Life (EOL) policy, meaning no further firmware updates will be provided. Although support for the DIR-846W ended over four years ago, many users still utilize these devices without encountering issues until hardware failures or functional limitations occur.
In an official statement, D-Link advises users to discontinue the use of the product due to the potential risk it poses to connected devices. The company highlights the real threat as DIR-846W routers are prevalent in various countries, including regions in Latin America where they are still sold.
D-Link strongly recommends users to replace the outdated product with newer and supported models. If replacement is not feasible, users should ensure they have the latest firmware installed, utilize strong passwords for the admin interface, and enable Wi-Fi encryption to enhance security.
It is important to safeguard routers against potential threats, especially since D-Link vulnerabilities are often exploited by botnets like Mirai and Moobot for DDOS attacks. Users are advised to take precautionary measures before any POC exploits