Security update: Malicious code attacks can damage D-Link routers
In the latest firmware, D-Link developers have closed an apparently critical vulnerability in the DSL-3788 router.
(Image: Erstellt mit KI in Bing Designer durch heise online / dmk)
Because certain inputs are not sufficiently checked, attackers can push malicious code onto the D-Link DSL-3788 router and execute it. As a rule, devices are then considered fully compromised. The manufacturer has now released a security update and recommends urgent installation.
Block malicious code
This is stated in an official support article. The vulnerability can be found in the COMM_MakeCustomMsg function of the libssap library. This allows attackers to send prepared requests to the webproc CGI. Because the length of the input is not checked, this leads to a memory error, which paves the way for malicious code.
Attacks should be possible remotely and without authentication. A CVE number has apparently not yet been assigned. As a result, the threat level has not yet been classified. The CERT Bund classifies the risk as “critical”.
Videos by heise
The vulnerability was discovered by a security researcher with the pseudonym Sparrrgh. He provides details in a blog post. D-Link states that it has closed the gap in version v1.01R1B037. It is currently not known whether there are already attacks. The manufacturer recommends a quick update.
(des)
