Digital Defense, Inc. Discloses Zero-Day Vulnerabilities in D-Link VPN Routers

SAN ANTONIO - Dec. 8, 2020 - PRLog -- Digital Defense, Inc. (http://www.digitaldefense.com/?pressrelease), a leader in vulnerability management and threat assessment solutions (https://www.digitaldefense.com/platform/?pressrelease), today announced that its Vulnerability Research Team (VRT) (https://www.digitaldefense.com/technologies/ddi-vrt/?pressrelease) uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

These devices are commonly available on consumer websites/ecommerce sites such as Amazon, Best Buy, Office Depot and Walmart. Given the rise in work-from-home due to the pandemic, more employees may be connecting to corporate networks using one of the affected devices.

The vulnerable component of these devices is accessible without authentication. From both WAN and LAN interfaces, this vulnerability could be exploited over the Internet. Consequently, a remote, unauthenticated attacker with access to the router's web interface could execute arbitrary commands as root, effectively gaining complete control of the router. With this access, an attacker could intercept and/or modify traffic, cause denial of service conditions and launch further attacks on other assets. D-Link routers can connect up to 15 other devices simultaneously.

D-Link is a global leader in designing and developing networking and connectivity products for consumers, small businesses, medium to large-sized enterprises and service providers. Since 1986, the company has grown into an award-winning global brand with over 2,000 employees in 60 countries. D-Link's line of VPN routers enable remote workers to connect securely to company resources.

What You Can Do

D-Link's recent advisory provides more details about the updates that have been released, which should be applied: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195​. For additional information, customers should contact D-Link directly.

About Digital Defense:

Serving clients across numerous industries, Digital Defense's innovative and leading-edge technology helps organizations safeguard sensitive data and ease the burdens associated with information security. Frontline.Cloud (https://www.digitaldefense.com/platform/?pressrelease), the original Security SaaS platform, delivers unparalleled accuracy and efficiencies through multiple systems including Frontline Vulnerability Manager (Frontline VM^™), Frontline Web Application Scanning (Frontline WAS^™), Frontline Active Threat Sweep (Frontline ATS^™) and Frontline Pen Test^™, while SecurED^®, the company's security awareness training, promotes employees' security-minded behavior.
Contact Digital Defense at 888-273-1412; visit www.digitaldefense.com (https://www.digitaldefense.com/?pressrelease), our blog (https://www.digitaldefense.com/resources/blog/?pressrelease), LinkedIn (https://www.linkedin.com/company/digital-defense-inc/) or follow @Digital_Defense (https://twitter.com/Digital_Defense) on Twitter.