Critical Flaw Found in D-Link Routers, Users Urged to Update

A team of vulnerability researchers at Ensign InfoSecurity (“Ensign”), Asia’s largest cybersecurity service provider, discovered a zero-day vulnerability in D-Link DIR-822 router due to a stack-based buffer overflow vulnerability in the Home Network Administration Protocol service. The vulnerability has additionally been published under the public catalogue of known security threats by the globally accessible knowledge base MITRE ATT&CK.

The vulnerability exposes users to malicious actors’ exploitation to gain arbitrary remote code execution on the affected router. Ensign urges users to take necessary precautions, including replacing their routers, to mitigate potential risks and safeguard against any potential exploitation. In the event of the vulnerability being exploited, attackers on the internal network can target and take over the router, execute malicious code, steal sensitive data, or potentially turn it into a part of a botnet.

Ensign’s Cyber Threat Landscape Report 2023 identified energy and healthcare as the sectors most vulnerable to cyber threats in Singapore. This highlights the imperative for proactive preventive measures to detect vulnerabilities before they escalate, as the threat extends beyond individual users to encompass entire sectors. With the largest on-ground incident response team in Singapore and dedicated R&D teams, Ensign is well-equipped to identify and address such threats promptly, assisting organisations in safeguarding their systems.

Tan Ah Tuan, Head of Ensign Labs, Ensign, “We live in an increasingly connected world, with more devices linked to the internet than ever before. This gives attackers full access to IoT devices like routers, which were not designed to defend against sophisticated attacks, and lets them exploit bugs in the software and gain full control. Through the deployment of Ensign InfoSecurity’s proprietary tools our vulnerability researchers automated our analysis, discovered the zero-day vulnerability, and approached D-Link with the information. We aspire to work closer with the community to combat vulnerability exploitation by malicious actors.”

The latest firmware version (v2.03B01) released for DIR-822-CA (Rev.B) on 27 October 2023 is still vulnerable to exploitation. Firmware development for DIR-822 (Rev. A and Rev.B models) has ceased and these devices will no longer be supported. D-Link US recommends D-Link devices that have reached EOL/EOS, to be retired and replaced. They also cautioned that any further use of this product may be a risk to devices connected to it.