Jump to content

Routers have several unpatched vulnerabilities


atiustira

Recommended Posts

D-Link routers have several unpatched vulnerabilities, the worst of which could allow an attacker to gain total control over a device, according to a systems engineer in Canada. The flaw can be exploited if an attacker can lure a user into visiting a specially-crafted malicious Web page that delivers a html form using Javascript, he said.

The form accesses a service running on the router called ncc/ncc2 which does not filter out malicious commands. The ncc/ncc2 service appears to handle dynamic requests, such as updating usernames and passwords, Adkins said.

 

As a result, an attacker can gain full access to the router, and perform actions such as launching a telnet service or changing a router’s DNS (Domain Name System) settings, an attack know as pharming.

Read more here.

https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2

 

http://www.itworld.com/article/2889995/dlink-remote-access-vulnerabilities-remain-unpatched.html#tk.rss_security

  • Like 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...