D-Link Family (GO-RT-AC750, Wireless Routers) Security Update Advisory (CVE-2024-22853, CVE-2024-6045)
Overview
D-Link has advised caution regarding a vulnerability in the GO-RT-AC750. (CVE-2024-22853)
An update has been provided to address a vulnerability in specific models of D-Link wireless routers. Users of the affected models are advised to update to the latest version. (CVE-2024-6045)
Affected Products
CVE-2024-22853
- D-LINK: Go-RT-AC750
CVE-2024-6045
- D-Link wireless router models: G403, G415, G416, M18, R03, R04, R12, R18
- D-Link wireless router models: E30, M30, M32, M60, R32
- D-Link wireless router models: E15, M15, R15
Resolved Vulnerabilities
A hardcoded password for the Alphanetworks account in the D-LINK Go-RT-AC750 allows remote attackers to gain root access via a telnet session (CVE-2024-22853).
Certain models of D-Link wireless routers have a factory test backdoor that allows a malicious attacker on the local network to access the device via the Telnet service and gain administrative privileges (CVE-2024-6045).
Vulnerability Patches
The affected product was retired from support on July 23, 2016. (CVE-2024-22853)
Patches are available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version. (CVE-2024-6045)
- G403, G415, G416, M18, R03, R04, R12, R18 models: versions 1.10.01 or later
- E30, M30, M32, M60, R32 models: versions 1.10.02 or later
- E15, M15, R15 models: versions 1.20.01 or later
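The fixed versions above can be checked against a device inventory. The following is an added example, not code from D-Link or the original advisory. It assumes firmware versions are reported as three numeric fields (for example 1.10.01), and the host names, the sample inventory and the OTHER-1 model are constructed for illustration.

```python
import re

# Fixed firmware versions per model group, copied from the advisory (CVE-2024-6045).
FIXED = {
    (1, 10, 1): {"G403", "G415", "G416", "M18", "R03", "R04", "R12", "R18"},
    (1, 10, 2): {"E30", "M30", "M32", "M60", "R32"},
    (1, 20, 1): {"E15", "M15", "R15"},
}
# Model retired from support; the advisory lists no fixed version (CVE-2024-22853).
UNSUPPORTED = {"GO-RT-AC750"}

def parse_version(text):
    """Turn '1.10.01' or 'v1.10.01' into (1, 10, 1); raise ValueError otherwise."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.groups())

def assess(model, firmware):
    """Return (status, cve) for one inventory entry."""
    model = model.strip().upper()
    if model in UNSUPPORTED:
        return ("unsupported", "CVE-2024-22853")
    for fixed, models in FIXED.items():
        if model in models:
            try:
                current = parse_version(firmware)
            except ValueError:
                return ("unknown-version", "CVE-2024-6045")
            # Tuple comparison is numeric: 1.9.12 < 1.10.01, unlike a string compare.
            status = "patched" if current >= fixed else "vulnerable"
            return (status, "CVE-2024-6045")
    return ("not-listed", None)

# Constructed sample inventory (hypothetical hosts, versions and the OTHER-1 model).
INVENTORY = [
    ("lobby-ap", "R15", "1.20.00"),
    ("lab-rtr", "m32", "v1.10.02"),
    ("branch-rtr", "Go-RT-AC750", "1.01"),
    ("store-rtr", "G416", "1.9.12"),
    ("hq-rtr", "OTHER-1", "2.00.00"),
]

def audit(inventory):
    return {host: assess(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, (status, cve) in audit(INVENTORY).items():
        print(f"{host:12} {status:16} {cve or '-'}")
```

Entries reported as "unknown-version" need a manual check against the vendor bulletin, since the version string did not match the assumed three-field format.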
Referenced Sites
[1] CVE-2024-22853 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22853
[2] D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 Description
https://github.com/advisories/GHSA-9fhr-gx36-jrfv
[3] Security Bulletin
https://www.dlink.com/en/security-bulletin/
[4] CVE-2024-6045 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-6045
[5] D-Link router – Hidden Backdoor