D-Link Releases Patch For Hard-coded Password Vulnerabilities

Share post:

D-Link recently released a firmware hotfix for all affected customers on July 15, after fixing the bugs in the DIR-3040 AC3000 wireless internet router.

Vulnerabilities discovered and reported by Cisco Talos security researcher Dave McDaniel could allow an attacker to execute arbitrary code on unpatched routers and gain access to sensitive information upon successful exploitation.

The Zebra IP Routing Manager of the router and the Libcli Environment functionality contains the vulnerabilities CVE-2021-21818 and CVE-2021-2180, which contain hard encrypted passwords and credentials.

Both of these could allow threat actors targeting D-Link DIR-3040 routers to bypass the authentication rules which are configured by the software administrator.

The five vulnerabilities that D-Link is fixing with the hotfix are CVE-2021-21816, CVE-2021-21817, CVE-2021-21818, CVE-2021-21819, and CVE-2021-21820.

For more information, read the original story in Bleeping Computer.


Related articles

CrowdStrike update causes global IT outages, fix is available

Some airlines, banks and government services around the world have been affected by a faulty software update for...

Charges dismissed in SolarWinds hacking case

A judge has dismissed most of the Securities and Exchange Commission's (SEC) fraud charges against SolarWinds related to...

Canadian is among foreign nationals pleading guilty to involvement with Lockbit ransomware

Two foreign nationals have pleaded guilty in the US District of New Jersey to their involvement in the...

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways