D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router.
Following successful exploitation, they can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state.
The DIR-3040 security flaws discovered and reported by Cisco Talos security researcher Dave McDaniel include hardcoded passwords, command injection, and information disclosure bugs.
Authentication bypass via specially crafted requests
Both of them allow threat actors targeting vulnerable D-Link DIR-3040 routers to bypass the authentication process configured by the software administrator.
Attackers can trigger them by sending a sequence of specially crafted network requests that lead either to denial of service and code execution on the targeted router, respectively.
Additionally, it makes it possible to start a “hidden telnet service can be started without authentication by visiting https:///start_telnet” and log into the Libcli test environment using a default password stored in unencrypted form on the router.
Vulnerabilities addressed in firmware hotfix
The complete list of vulnerabilities addressed by D-Link with these hotfix includes:
- CVE-2021-21816 – Syslog information disclosure vulnerability
- CVE-2021-21817 – Zebra IP Routing Manager information disclosure vulnerability
- CVE-2021-21818 – Zebra IP Routing Manager hard-coded password vulnerability
- CVE-2021-21819 – Libcli command injection vulnerability
- CVE-2021-21820 – Libcli Test Environment hard-coded password vulnerability
D-Link says that the firmware hotfix released to address the bugs found by Cisco Talos is “a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release.”
The table below lists the vulnerable router models and links to the updated firmware version containing the fix.
|Model||Hardware Revision||Affected FW||Fixed FW||Recommendation||Last Updated|
|DIR-3040||All Ax Hardware Revisions||v1.13B03 & Below||v1.13B03 Hotfix||1) Please Download Patch and Update Device
2) Full QA Firmware under test for automatic F/W update notification on D-Link Wifi mobile App
D-Link has patched other severe vulnerabilities in multiple router models in the past, including remote command injection bugs enabling attackers to take complete control of vulnerable devices.
Previously, the company fixed five critical vulnerabilities impacting some of its routers that made it possible for threat actors to steal admin credentials, bypass authentication, and execute arbitrary code in reflected Cross-Site Scripting (XSS) attacks.