A critical unauthenticated Remote Code Execution (RCE) vulnerability<\/a> has been affecting DSL-3788 routers, allowing attackers to acquire complete control over the router remotely.<\/p>\n The flaw has been detected in firmware versions v1.01R1B036_EU_EN and below. This vulnerability was reported by Max Bellia of SECURE NETWORK BVTECH.<\/p>\n The vulnerability resides in the webproc CGI component of the router\u2019s<\/a> firmware. Attackers could exploit it by sending a specially crafted sessionid to the router.\u00a0<\/p>\n The flaw lies in the COMM_MakeCustomMsg function within the libssap library, which fails to validate input length properly, leading to a buffer overflow. This oversight enables arbitrary code execution with root privileges.<\/p>\n \u201cIt is possible to create a request with a specially crafted sessionid that, when received by the webproc CGI, will lead to the execution of arbitrary code. This happens because the function \u201cCOMM_MakeCustomMsg\u201d of the libssap library used by the webproc CGI does not check the length of the input, leading to a buffer overflow\u201d, reads the advisory.<\/p>\n Successful exploitation of this vulnerability could have severe consequences:<\/p>\n D-Link acted promptly upon receiving the report<\/a>, releasing a patched firmware version. The company emphasized its commitment to user privacy and network security, stating that it has a dedicated task force to address emerging threats.<\/p>\n \u201cD-Link takes network security and user privacy very seriously. We strongly urges all users to install the relevant updates and regularly check for further updates\u201d, the company said.<\/p>\n This incident underscores the importance of timely software updates and proactive vulnerability management in safeguarding network devices.<\/p>\n Find this story interesting! Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for more instant updates.<\/strong><\/p>\n The post D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\nD-Link Routers<\/strong> Let Attackers Gain Full Control<\/strong>
\n<\/h2>\nCollect Threat Intelligence with\u00a0TI Lookup\u00a0to Improve Your Company\u2019s Security\u00a0-\u00a0Get 50 Free Request<\/a><\/code><\/strong><\/p>\n\n
Affected Models<\/strong><\/h2>\n
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXeS_RzzfR8Zks-d5wz0K9tE3MG1MxtnYyglR28wPNcfrbIoyLb5FDMW77x5YPVW3i5myrbNgOMXTSDFlMHC0kdzc053VcXYC_FDMfGeYfg2jWT0SJOwpGWN2l5nK1TMAbnyhPUU?key=qozWlwdtVZkWdVtgBzOBaZa7\")