Active Exploitation of Vulnerabilities in D-Link Routers
27 May 2024
There have been reports of active exploitation of vulnerabilities affecting D-Link DIR-600 and DIR-605 routers.
The vulnerabilities are:
- CVE-2014-100005: Successful exploitation of the cross-site request forgery (CSRF) vulnerability could allow an attacker to hijack an existing administrator session and change router configurations.
- CVE-2021-40655: Successful exploitation of the information disclosure vulnerability could allow an attacker to obtain login credentials by forging a POST request to an affected router's configuration page.
The vulnerabilities affect the following products:
- DIR-600
- DIR-605
- DIR-605L
The affected D-Link products have reached End of Life (EOL). Users and administrators of affected EOL products are advised to retire and replace their devices with products that are supported by the manufacturer.
More information is available here:
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10393