SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Critical zero-day vulnerability in D-Link routers exposes thousands
Wed, 27th Mar 2024

Ensign InfoSecurity, one of Asia’s largest cybersecurity service providers, has recently uncovered a critical zero-day vulnerability in D-Link DIR-822 routers.

According to Ensign, this critical security flaw could potentially expose users, from everyday individuals to large-scale enterprises, to various cyber threats, including data theft.

Once exploited, the vulnerability enables attackers to remotely access affected routers, potentially allowing internal network attackers to gain control, run malicious code, steal sensitive data, or incorporate the device into a botnet. The issue affects not only individual users but also key infrastructure sectors, and calls for urgent remediation.

Vulnerabilities of this nature have proven historically troublesome for enterprises. Evidence of this issue's magnitude comes from a recent Shodan search on Sierra routers. A month following the discovery of a similar vulnerability, over 86,000 such routers were found exposed on the internet, despite the rollout of publicly accessible patches.

The affected devices span essential infrastructure sectors such as manufacturing, healthcare, energy, transport, water, emergency services, and vehicle tracking. The problem underlines the necessity for urgent awareness and action by not just individual users, but also enterprises.

A team of vulnerability researchers at Ensign discovered the zero-day vulnerability, which is caused by a stack-based buffer overflow in the Home Network Administration Protocol (HNAP) service. The security threat has also been listed under the public catalogue of known security threats provided by the globally available knowledge base MITRE ATT&CK.

The discovered vulnerability permits malicious actors to achieve arbitrary remote code execution on the affected router, a potentially disastrous scenario. Ensign InfoSecurity urgently appeals to users to take necessary measures, such as replacing their routers, to diminish potential risks and protect themselves against likely exploitation.

Ensign's Cyber Threat Landscape Report 2023 pinpointed energy and healthcare as sectors most prone to cyber threats in Singapore. This reaffirms the need for proactive preventative measures to recognise vulnerabilities before they escalate, as such threats extend beyond individual users to entire sectors.

"We live in an increasingly connected world, with more devices linked to the internet than ever before. This gives attackers full access to IoT devices like routers, which were not designed to defend against sophisticated attacks", said Tan Ah Tuan, Head of Ensign Labs at Ensign. Mr Tuan emphasised the importance of identifying and addressing these threats promptly. "Through the deployment of Ensign InfoSecurity's proprietary tools, our vulnerability researchers automated our analysis and discovered the zero-day vulnerability", he added.

D-Link urges users of D-Link devices that have reached End of Life (EOL) and End of Service (EOS) to retire and replace their devices. These products may pose potential risks to devices connected to them. Furthermore, the latest firmware version (v2.03B01) released for DIR-822-CA (Rev.B) on 27 October 2023 is still vulnerable to exploitation, highlighting the need for intervention.