Ref# AL2024_36 | Date: Sep 3rd 2024

---

Description 

 D-Link has issued a warning regarding four Remote Code Execution (RCE) vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. The company has stated that it will not be fixing these flaws, as the router has reached its end-of-life (EOL) and end-of-support (EOS) stages. The vulnerabilities, three of which are rated as critical, were discovered by security researcher yali-1002, who has withheld publishing proof-of-concept (PoC) exploits. Despite the seriousness of these vulnerabilities, D-Link recommends that users retire the device due to the lack of ongoing support. 

 Details 

 The four RCE vulnerabilities are as follows: 

•  CVE-2024-41622: This critical vulnerability, with a CVSS v3 score of 9.8, allows remote command execution via the tomography_ping_address parameter in the /HNAP1/ interface. No authentication is required for exploitation. 
• CVE-2024-44340: Rated with a CVSS v3 score of 8.8 due to the requirement for authenticated access, this vulnerability enables RCE via the smartqos_express_devices and smartqos_normal_devices parameters in the SetSmartQoSSettings function. 

• CVE-2024-44341: Another critical flaw, with a CVSS v3 score of 9.8, which can be exploited through a crafted POST request targeting the lan(0)_dhcps_staticlist parameter. 

• CVE-2024-44342: This critical vulnerability, also with a CVSS v3 score of 9.8, allows RCE via the wl(0).(0)_ssid parameter. 

The DIR-846W routers, primarily sold outside the U.S., remain in use in various global markets despite having reached EOL in 2020. Given the nature of these flaws, the routers are at significant risk of being compromised by malware botnets like Mirai and Moobot, which could lead to devices being recruited into Distributed Denial of Service (DDoS) attacks. 

 Remediation 

Since D-Link will not be releasing any patches for these vulnerabilities, the primary recommendation is to retire and replace the DIR-846W router with a supported model that receives regular security updates. If replacing the device is not immediately possible, users should take the following steps to mitigate risk: 

• Update to the latest available firmware: Ensure the router is running the latest firmware version provided by D-Link before support ends. 

• Secure the admin portal: Use a strong, unique password for the web admin portal to prevent unauthorized access. 

• Enable Wi-Fi encryption: Ensure Wi-Fi encryption is enabled to add a layer of security to the wireless network. 

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary. 

 PDF Download: DLink DIR846W Routers Four Critical RCE Flaws Unfixed

References 

Toulas, B. (2024b, September 3). D-Link says it is not fixing four RCE flaws in DIR-846W routers. Retrieved from BleepingComputer. https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/ 

Son, D. (2024, September 3). D-Link Won’t Fix 4 RCE Vulnerabilities in DIR-846W Router. Retrieved from Cybersecurity News. https://securityonline.info/d-link-wont-fix-4-rce-vulnerabilities-in-dir-846w-router/#:~:text=The%20D-Link%20DIR-846W%20routers%20affected%20by%20these%20vulnerabilities,not%20be%20providing%20patches%20to%20fix%20these%20issues.