
PoC Released for D-LINK Information Disclosure that Leaks Passwords


Dec 07, 2025 · 3 min read

A Proof of Concept (PoC) has been released for a critical information disclosure vulnerability in D-LINK routers.

This flaw, which has been identified as a major security risk, allows unauthorized access to sensitive information, including passwords.

The vulnerability was highlighted by DarkWebInformer on Twitter, raising alarms within the cybersecurity community.

🚨PoC Released🚨 CVE-2024-33113 is a vulnerability in the D-LINK DIR-845L router that allows information disclosure through the bsc_sms_inbox.php file. The vulnerability arises from improper handling of the include() function, which can be exploited by manipulating the $file pic.twitter.com/EcmowgLOaj

— Dark Web Informer (@DarkWebInformer) June 24, 2024

Details of the Vulnerability

The vulnerability affects several models of D-LINK routers, which are widely used in residential and commercial settings.

According to the PoC, the flaw can be exploited remotely, enabling attackers to retrieve configuration files that contain plaintext passwords.


This type of information disclosure can lead to unauthorized access to the network, potentially compromising all connected devices.

The PoC demonstrates how an attacker can exploit the vulnerability by sending a specially crafted request to the router’s web interface.

The router then responds with sensitive information, including administrative credentials.

This kind of exploit is particularly dangerous because it does not require physical access to the device, making it a prime target for remote attacks.

Industry Response and Recommendations

The release of the PoC has prompted immediate responses from cybersecurity experts and industry professionals.

Users of affected D-LINK routers are advised to update their firmware to the latest version, which may contain patches for this vulnerability.

Additionally, it is recommended that all default passwords be changed and that strong, unique passwords be set for all network devices.

D-LINK has yet to issue an official statement regarding the vulnerability, but they are expected to release a security advisory and firmware updates to address the issue.

In the meantime, users are urged to take proactive measures to secure their networks and monitor for any unusual activity.
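One way to act on the monitoring advice is to review web logs for requests to the script named in the CVE description. The following is an added example, not code from the original article or from D-Link; it assumes Common Log Format lines from a proxy or firewall in front of the router, and the LAN ranges, paths and sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

SCRIPT = "bsc_sms_inbox.php"  # file named in the CVE-2024-33113 description
# Assumption: these ranges are the trusted LAN; adjust to the real network.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumed layout: Common Log Format, e.g. from a reverse proxy or firewall.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_external(addr):
    """True when the source address is outside every trusted LAN range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # hostname or malformed source: treat as untrusted
    return not any(ip in net for net in LAN)

def find_hits(lines):
    """Return one record per request whose decoded URL path ends in SCRIPT."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        # Decode percent-encoding and ignore case so trivial variants still match.
        path = unquote(urlsplit(m["target"]).path).lower()
        if path.rsplit("/", 1)[-1] != SCRIPT:
            continue
        hits.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                     "status": int(m["status"]), "external": is_external(m["src"])})
    return hits

def external_sources(hits):
    """Count matching requests per source address outside the LAN."""
    return Counter(h["src"] for h in hits if h["external"])

# Constructed sample lines (documentation addresses, made-up directory).
SAMPLE = [
    '192.168.0.10 - - [24/Jun/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Jun/2024:10:02:13 +0000] "GET /example/bsc_sms_inbox.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [24/Jun/2024:10:02:15 +0000] "POST /example/BSC%5Fsms_inbox.php HTTP/1.1" 200 1900',
    '192.168.0.10 - - [24/Jun/2024:10:05:40 +0000] "GET /example/bsc_sms_inbox.php HTTP/1.1" 200 300',
    '198.51.100.9 - - [24/Jun/2024:10:06:02 +0000] "GET /example/bsc_sms_inbox.php.bak HTTP/1.1" 404 0',
    'unparseable line',
]

if __name__ == "__main__":
    for src, count in external_sources(find_hits(SAMPLE)).items():
        print(f"review: {count} request(s) for {SCRIPT} from {src}")
```

Any external source reported here is a reason to check whether the router's management interface is reachable from the WAN and to rotate its credentials.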

This incident underscores the importance of regular security updates and vigilance in protecting network infrastructure from emerging threats.

As more details emerge, users must stay informed and take necessary actions to safeguard their data.


Source: CybersecurityNews.com
