D-link Warns Of New RCE Flaws In End-of-life Dir-878 Routers

D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets.

Technical details and proof-of-concept (PoC) exploit code demonstrating the vulnerabilities have been published by a researcher using the name Yangyifan.

Typically used in homes and small offices, the DIR-878 was hailed as a high-performance dual-band wireless router when it launched in 2017.

Even if the device is no longer supported, it can still be purchased new or used for prices between $75 and $122.

However, as DIR-878 has reached end-of-life (EoL) in 2021, D-Link warned that it will not release security updates for this model and recommends replacing it with an actively supported product.

In total, D-Link's security advisory lists four vulnerabilities, only one of them requiring physical access or control over a USB device for exploitation.

Despite being remotely exploitable, and exploit code already publicly available, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has assessed that the vulnerabilities have a medium-severity score.

However, a publicly available exploit typically captures threat actors' attention, especially botnet operators, who usually include them in their arsenal to expand targeting.

For instance, the large-scale botnet RondoDox uses more than 56 known flaws, some affecting D-Link devices, and keeps adding more of them.

More recently, BleepingComputer reported on the Aisuru botnet, which launched a massive distributed denial-of-service (DDoS) attack against Microsoft's Azure network, sending 15.72 terabits per second (Tbps) from over 500,000 IP addresses.

Source: BleepingComputer