Zeitpunkt Nutzer Delta Tröts TNR Titel Version maxTL Do 16.05.2024 00:00:11 7.200 +1 582.907 81,0 NerdCulture 4.2.8 500 Mi 15.05.2024 00:00:11 7.199 0 582.454 80,9 NerdCulture 4.2.8 500 Di 14.05.2024 00:00:12 7.199 +1 582.020 80,8 NerdCulture 4.2.8 500 Mo 13.05.2024 00:00:14 7.198 +1 581.576 80,8 NerdCulture 4.2.8 500 So 12.05.2024 00:00:10 7.197 0 581.064 80,7 NerdCulture 4.2.8 500 Sa 11.05.2024 00:00:12 7.197 0 580.518 80,7 NerdCulture 4.2.8 500 Fr 10.05.2024 00:00:11 7.197 0 580.068 80,6 NerdCulture 4.2.8 500 Do 09.05.2024 00:00:13 7.197 0 579.360 80,5 NerdCulture 4.2.8 500 Mi 08.05.2024 00:00:12 7.197 -2 578.822 80,4 NerdCulture 4.2.8 500 Di 07.05.2024 00:00:20 7.199 0 578.180 80,3 NerdCulture 4.2.8 500
Olly 👾 (@Olly42) · 01/2024 · Tröts: 180 · Folger: 18
Do 16.05.2024 16:54
PoC Exploit released for RCE Zero-Day in D-Link Routers.
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
https://ssd-disclosure.com/ssd-advisory-d-link-dir-x4860-security-vulnerabilities/
#dlink #router #wifi #vulnerability #rce #zeroday #it #security #tech #news
Accessing the Home Network Administration Protocol (HNAP) port on the D-Link DIR-X4860 router is relatively straightforward in most cases, as it's usually HTTP (port 80) or HTTPS (port 443) accessible through the router's remote management interface.
Login request that bypasses the authentication step. [Source: SSD Secure Disclosure] The attack begins with a specially crafted HNAP login request to the router's management interface, which includes a parameter named 'PrivateLogin' set to "Username" and a username of "Admin".
The D-Link DIR-X4860 router is a high-performance Wi-Fi 6 router capable of speeds of up to 4800 Mbps and advanced features like OFDMA, MU-MIMO, and BSS Coloring that enhance efficiency and reduce interference.
[Öffentlich] Antw.: 0 Wtrl.: 2 Fav.: 0 · via Metatext