Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To
Identify

Link: https://it.slashdot.org/story/24/11/20/189224...

Owners of older models of D-Link VPN routers are being told to retire and
replace their devices following the disclosure of a serious remote code
execution (RCE) vulnerability. From a report: Most of the details about the
bug are being kept under wraps given the potential for wide exploitation. The
vendor hasn't assigned it a CVE identifier or really said much about it at
all other than that it's a buffer overflow bug that leads to unauthenticated
RCE. Unauthenticated RCE issues are essentially as bad as vulnerabilities
get, and D-Link warned that if customers continued to use the affected
products, the devices connected to them would also be put at risk. Previous
bugs in similar products from other vendors have carried warnings that
attackers could exploit them to install rootkits and use that persistent
access to surveil an organization's web traffic, potentially stealing data
such as credentials. Further reading: D-Link Won't Fix Critical Flaw
Affecting 60,000 Older NAS Devices.

Read more of this story at Slashdot.

---
VRSS v2.1.180528