Multiple D-Link Routers Open to Complete Takeover with Simple Attack

[silversurfer]

Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher.

Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May, uncovering that they affect the DWR-111, DWR-116, DWR-140, DWR-512, DWR-640, DWR-712, DWR-912 and DWR-921 models. However, he claims that D-Link told him that only the DWR-116 and 111 would be patched, because the rest have reached end-of-life and will no longer be supported.

“The attack is too simple,” Adamczyk said in a recent posting. “An attacker having a directory traversal (or local file inclusion) can easily get full router access.”

Source: https://threatpost.com/multiple-d-link-r...ck/138383/