D-Link has issued updates to fix five serious security flaws, three of them of critical severity, impacting its DIR-X4860 and DIR-X5460 Wi-Fi 6 routers and its COVR-X1870 dual-band mesh Wi-Fi 6 router, SC Media reports.
Two of the critical vulnerabilities, tracked as CVE-2024-45694 and CVE-2024-45695, were stack-based overflow issues that could be exploited to facilitate remote code execution, while the other critical issue, tracked as CVE-2024-45697, could be utilized to allow logins with hard-coded credentials. Also addressed by D-Link were a pair of high-severity bugs, including CVE-2024-45696, which could be used to force telnet service activation, and CVE-2024-45698, which could be abused to allow logins even for attackers on a different local network.
D-Link said that the Taiwan Computer Emergency Response Team (TWCERT) disclosed all of the vulnerabilities without providing a 90-day period to address the issues. However, TWCERT noted that it had set the disclosure date to Sep. 16 after obtaining a copy of the fixes from D-Link a week earlier.