Weekly Comments

1 - 7 January 2020

Security researchers have disclosed a pair of vulnerabilities affecting at least 13 D-Link router models.

Security researchers have disclosed a pair of vulnerabilities affecting at least 13 D-Link router models. CVE-2019-17621 is a remote command execution flaw that resides in the code used to manage UPnP requests.  An unauthenticated attacker with access to the same local area network segment of the vulnerable device can exploit the vulnerability to assume full control of the router. The other vulnerability, tracked as CVE-2019-20213, is an information disclosure issue that could be exploited by an attacker to obtain a device’s VPN configuration file, potentially exposing sensitive information. The proof-of-concept exploits for both vulnerabilities are available on the Internet. D-Link has also released firmware updates to address both vulnerabilities except for vulnerable models that have reached end of life. D-Link router users are strongly encouraged to upgrade their router to minimise potential attacks.

References:

D-Link DIR-859 — Unauthenticated Information Disclosure [EN]

D-Link DIR-859 —Unauthenticated RCE (CVE-2019–17621) [EN]

CVE-2019-17621 :: Unauthenticated Remote Command Execution & CVE-2019-20213 :: Information Disclosure LAN-side Security Vulnerability

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence