Released in July Android update (levels 2019-07-01 and 2019-07-05) brought patches for 33 vulnerabilities in…
Alas, as it became known now, due to the “senior age” of this model, routers still did not receive corrections for all detected vulnerabilities. Therefore, the researchers found the following bugs in the D-Link DIR-865L:
It is worth noting that although the vulnerability CVE-2020-13782 has received critical status, researchers write in their report that its use still requires authentication. Although this can be achieved using the aforementioned CSRF bug, it still reduces the level of danger of the problem.
However, experts say that combining some of these vulnerabilities could allow attackers to intercept the victim’s network traffic and steal session cookies, which, of course, is very dangerous.
D-Link specialists responded to the experts’ message with the beta version of the firmware, however, as can be concluded from the above list, only three of the six vulnerabilities were fixed in it: CSRF, weak encryption and storage of confidential information in clear text.
Moreover, D-Link representatives generally recommend that users from the United States abandon the use of problematic routers, as this can be dangerous for devices and connected to them users.
By the way, we wrote that the developers of D-Link and Linksys routers reset Smart Wi-Fi passwords due to DNS spoofing attacks.
Bleeping Computer requested comments from company representatives, wanting to know the fate of the three remaining vulnerabilities, but the manufacturer did not respond.
“Most users rarely change their routers and do not monitor the expiration of their support period. This type of equipment is more likely to belong to the “install and forget” category, and routers are changed only when they cease to function”, – write Bleeping Computer journalists.
Because of this, it is unlikely that many D-Link DIR-865L owners will ever read the manufacturer’s warning or install patches for at least three of the six vulnerabilities.
By the way, do not relax and read how attackers can spy on you through certain models of D-Link cameras.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…