
WARNING — Critical Remote Code Execution vulnerability D-Link VPN Routers

Reference: Advisory #2020-037
Version: 1.0
Affected software: D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers, firmware versions 3.14 and 3.17
Type: RCE, Remote Code Execution (root privileges)
CVE/CVSS: N/A

Sources

https://supportannouncement.us.dlink.com/announcement/publication.aspx?n...

Risks

These devices are commonly available on consumer websites/e-commerce sites.
Given the rise in work-from-home due to the pandemic, more employees may be connecting to corporate networks using one of the affected devices.

Description

An unauthenticated attacker can exploit this vulnerability remotely over the internet and execute code with root privileges, gaining complete control of the router.
An attacker could intercept and/or modify traffic, cause denial of service conditions and launch further attacks on other assets.

Remark: D-Link routers can connect up to 15 other devices simultaneously.

Recommended Actions

CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions, after proper testing. As an extra precaution, you are advised to check your logs for anomalies. If there is any indication that an attacker accessed sensitive files, you should treat your network as compromised.

Download the latest updates via: https://supportannouncement.us.dlink.com/announcement/publication.aspx?n...

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?n...