Hacker News: D-Link says it won’t patch 60k older modems

Source URL: https://www.techradar.com/pro/security/d-link-says-it-wont-patch-60-000-older-modems-as-theyre-not-worth-saving
Source: Hacker News

Summary: Security researchers have identified critical vulnerabilities in D-Link modems that have reached end-of-life status, and the company has said it will not patch them. The case underlines the risk of keeping unmaintained network devices in service and the need to track end-of-life hardware as part of infrastructure security.

Detailed Description: The recent discovery of critical security flaws in D-Link modems that have reached end-of-life (EoL) raises significant concerns for infrastructure security professionals. With approximately 60,000 vulnerable devices reachable from the internet, most of them in Taiwan, these unpatched flaws give threat actors a large pool of exposed targets.

Key Points:

– **Critical Vulnerabilities Identified**:
  – D-Link routers, particularly the DSL6740C model, have multiple vulnerabilities:
    – **CVE-2024-11068**: A serious flaw (severity 9.8) allowing unauthorized password changes via privileged API access.
    – **CVE-2024-11067** and **CVE-2024-11066**: A path traversal flaw (severity 7.5) and a remote code execution (RCE) flaw (severity 7.2), respectively.
    – Additional command injection vulnerabilities are also reported.

– **End-of-Life (EoL) Status**:
  – D-Link has declared that it will not provide patches for any vulnerabilities found in devices that have reached EoL.
  – The recommendation is to replace the old hardware, as it is beyond the support lifecycle.

– **Security Risks**:
  – Routers are typically attractive targets for cybercriminals due to their network-level access.
  – Users are advised, as a temporary measure, to restrict remote access and strengthen passwords to reduce the risk of exploitation.

– **Recommendations for Security Professionals**:
  – Evaluate and identify any EoL hardware within your infrastructure.
  – Implement an upgrade strategy to replace outdated devices with supported models to mitigate security risks.
  – Educate users about the importance of securing network devices and recognizing vulnerabilities.

This incident serves as a critical reminder that hardware should be audited regularly, because obsolete devices left in service will receive no fixes and remain exposed for as long as they stay on the network.