EOL D-Link Router: Critical Flaws, No Fix in Sight
D-Link has alerted its customers to four vulnerabilities in the DIR-846W router, each of which allows remote code execution (RCE). The flaws affect every hardware revision and firmware version of the device, yet no patches will be released because the product is no longer supported.
Three of these vulnerabilities are deemed critical, as revealed by security researcher yali-1002, who shared minimal details on their GitHub page. The information was made public on August 27, 2024, though no proof-of-concept exploits have been released yet.
The identified vulnerabilities include:
- CVE-2024-41622 — an RCE vulnerability via the tomography_ping_address parameter in the /HNAP1/ interface (CVSS v3 score: 9.8).
- CVE-2024-44340 — an RCE vulnerability via the smartqos_express_devices and smartqos_normal_devices parameters in the SetSmartQoSSettings function (CVSS v3 score: 8.8, rated lower than the others because authentication is required).
- CVE-2024-44341 — an RCE vulnerability via the lan(0)_dhcps_staticlist parameter, exploitable through a specially crafted POST request (CVSS v3 score: 9.8).
- CVE-2024-44342 — an RCE vulnerability via the wl(0).(0)_ssid parameter (CVSS v3 score: 9.8).
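Because no patch will ever ship, the practical defence for anyone who cannot retire the device yet is to watch the management interface for writes to the parameters named above. The following detector is an added example written for this article, not code from D-Link or from the researcher's disclosure; the log line format, the `TRUSTED_ADMIN_HOSTS` allow-list and the sample addresses are constructed assumptions, and the parameter values in the sample traffic are placeholders rather than payloads.

```python
import re

# Parameter names taken from the advisory text, mapped to their CVE ids.
VULNERABLE_PARAMS = {
    "tomography_ping_address": "CVE-2024-41622",
    "smartqos_express_devices": "CVE-2024-44340",
    "smartqos_normal_devices": "CVE-2024-44340",
    "lan(0)_dhcps_staticlist": "CVE-2024-44341",
    "wl(0).(0)_ssid": "CVE-2024-44342",
}

# Hypothetical allow-list of hosts permitted to touch the admin interface
# (assumption: one internal admin workstation, constructed RFC 5737 address).
TRUSTED_ADMIN_HOSTS = {"192.0.2.10"}

# Constructed log format: src=<ip> method=<verb> path=<url> body="<payload>"
LOG_RE = re.compile(r'src=(\S+) method=(\S+) path=(\S+) body="(.*)"$')

def check_line(line):
    """Return a finding dict for a request that references a vulnerable
    parameter, or None. Substring matching is used deliberately because
    the parameter names contain regex metacharacters such as '(' and '.'."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    src, method, path, body = m.groups()
    hits = sorted({cve for p, cve in VULNERABLE_PARAMS.items() if p in body})
    if not hits:
        return None
    # Any write to these parameters on an unpatched EOL device deserves an
    # alert; a source outside the admin allow-list raises the severity.
    severity = "high" if src not in TRUSTED_ADMIN_HOSTS else "medium"
    return {"src": src, "method": method, "path": path,
            "cves": hits, "severity": severity}

def scan(lines):
    """Run check_line over an iterable of log lines; return findings only."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample traffic; values are placeholders, not exploit payloads.
SAMPLE_LOG = [
    'src=192.0.2.10 method=GET path=/ body=""',
    'src=192.0.2.10 method=POST path=/HNAP1/ body="tomography_ping_address=192.0.2.1"',
    'src=198.51.100.7 method=POST path=/HNAP1/ body="lan(0)_dhcps_staticlist=PLACEHOLDER"',
    'src=198.51.100.7 method=POST path=/HNAP1/ body="wl(0).(0)_ssid=HomeNet"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Feeding real proxy or IDS logs through `scan` requires only adapting `LOG_RE` to that log's layout; the parameter table is what carries the advisory's content.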
D-Link has confirmed the existence of these security issues but stated that they fall under the End of Life (EOL) policy, meaning no further firmware updates will be provided.
Although support for the DIR-846W ended more than four years ago, many users keep running these devices and see no reason to replace them until a hardware failure or functional limitation forces the issue.
In an official statement, the company emphasized that the product should be decommissioned, as continued usage could pose risks to connected devices. This threat is tangible, given that DIR-846W routers are widely used in various countries and are still being sold in some regions, including Latin America.
D-Link strongly advises users to immediately replace this outdated product with more modern and supported models. If replacement is not feasible, users should ensure the latest firmware version is installed, use strong passwords for the web admin interface, and enable Wi-Fi encryption.
D-Link routers’ vulnerabilities are often exploited by botnets like Mirai and Moobot to co-opt devices for DDoS attacks. In light of this, securing these routers is crucial before proof-of-concept exploits become publicly available.