Threat actors are abusing a vulnerability in an outdated D-Link router to steal people's sensitive data, researchers claimed.
Cybersecurity experts at GreyNoise recently reported observing hackers abusing a critical vulnerability in D-Link DIR-859 Wi-Fi routers.
The flaw is described as a path traversal vulnerability leading to information disclosure and is known as CVE-2024-0769. It has a severity score of 9.8/10 and was first discovered in January 2024.
A fair warning
Researchers said threat actors are targeting the 'DEVICE.ACCOUNT.xml' file, to obtain all account names, passwords, user groups, and user descriptions found on the device.
The worst part is that the device reached end of life in early 2020, meaning D-Link will not fix this defect. Instead, users are recommended to replace the hardware with a newer component that is still supported by the vendor. Still, D-Link published a security advisory warning its customers about a vulnerability discovered in the 'fatlady.php' component of the device. In the advisory, the company explained that the flaw affects all versions of the firmware and allows threat actors to escalate privileges and gain full control of the device through the administration panel.
The researchers subtly criticized D-Link, suggesting that issuing a security advisory without a patch is meaningless.
“It is unclear at this time what the intended use of this revealed information is; it should be noted that these devices will never receive a patch,” the researchers said.
“Any information disclosed from the device will remain valuable to attackers for the life of the device, as long as it remains connected to the Internet.”
However, information like this can serve as a warning to motivate users to migrate to a newer device, or at least to shift the responsibility of a potential data breach to the consumer.
Through Computer beeping
