TechWarrant.Com - Best Technology Stuff from Around the World

D-Link patches router but leaves two vulnerabilities

By admin On Jun 15, 2020

D-Link has released a patch for the DIR-865L router that fixes four vulnerabilities that could be used to read data. Notably, D-Link is leaving two vulnerabilities unrepaired, including a command injection.

The bugs are fixed in the DIR-865L, which is now end-of-sale in Europe. Security researchers from Palo Alto Networks found the vulnerabilities in the router. In total there are six bugs. The bugs are quite serious; they receive scores between 7.5 and 9.8 on a severity scale from the National Vulnerability Database.

The vulnerabilities make it possible to retrieve a lot of information via the router. For example, it is possible to inject code and thus upload malware to a network, or to read data. The bugs include cross-site request forgery and command injection. In addition, in some cases the encryption is weak, and data is stored and sent in plain text.

Palo Alto Networks researchers discovered the vulnerabilities in February and coordinated the report with the router maker. Notably, D-Link is fixing only four of the six vulnerabilities. The bug that allows command injection, CVE-2020-13782, and the one that sends information in plain text, CVE-2020-13787, will not be fixed. It is not known why D-Link is not fixing those two specific vulnerabilities. It may have to do with the phasing out of the router. In the United States, the router is already end-of-life.

  • CVE-2020-13786: Several pages in the web interface are vulnerable to cross-site request forgery. This allowed files containing malware to be uploaded.
  • CVE-2020-13785: The encryption used to log in to the portal was partly sent in plain text. It was possible to retrieve the password with a brute force attack.
  • CVE-2020-13784: The algorithm to calculate the session cookie was predictable.
  • CVE-2020-13783: The password for the router was stored in plain text in tools_admin.php.
  • CVE-2020-13787: The password for the guest network was encrypted with WEP.
  • CVE-2020-13782: Code could be entered with admin rights when connecting to scandir.sgi.
