NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

    Cyber Security News
    2
    1
    23
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย NCSA_THAICERT

      • The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. The D-Link DIR-X4860 router is a high-performance Wi-Fi 6 router capable of speeds of up to 4800 Mbps and advanced features like OFDMA, MU-MIMO, and BSS Coloring that enhance efficiency and reduce interference. The device is particularly popular in Canada, and it's sold in the global market according to D-Link's website, and still actively supported by the vendor. Today, the SSD Secure Disclosure team of researchers announced that they discovered flaws in DIR-X4860 devices running the latest firmware version, DIRX4860A1_FWV1.04B03, which enables unauthenticated remote command execution (RCE). "Security vulnerabilities in DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root," reads SSD's disclosure. "By combining an authentication bypass with command execution the device can be completely compromised." Accessing the Home Network Administration Protocol (HNAP) port on the D-Link DIR-X4860 router is relatively straightforward in most cases, as it's usually HTTP (port 80) or HTTPS (port 443) accessible through the router's remote management interface. The SSD analysts have shared step-by-step exploitation instructions for the issues they discovered, making a proof-of-concept (PoC) exploit now publicly available. The attack begins with a specially crafted HNAP login request to the router's management interface, which includes a parameter named 'PrivateLogin' set to "Username" and a username of "Admin". The router responds with a challenge, a cookie, and a public key, and these values are used to generate a valid login password for the "Admin" account. A follow-up login request with the HNAP_AUTH header and the generated LoginPassword is sent to the target device, essentially bypassing authentication.

      ที่มาแหล่งข่าว
      https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/

      e6cca333-4cac-4f04-a404-2c54334c5b2f-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post