mastodonien.de

nerdculture.de

Time                    Users    Delta   Toots        TNR     Title                     Version  maxTL
Wed 03.07.2024 00:02:06    7.218      +2      596.470    82,6 NerdCulture               4.2.9      500
Tue 02.07.2024 00:01:46    7.216       0      596.034    82,6 NerdCulture               4.2.9      500
Mon 01.07.2024 00:01:27    7.216       0      595.653    82,5 NerdCulture               4.2.9      500
Sun 30.06.2024 00:01:08    7.216       0      595.129    82,5 NerdCulture               4.2.9      500
Sat 29.06.2024 00:01:19    7.216       0      594.555    82,4 NerdCulture               4.2.9      500
Fri 28.06.2024 00:01:14    7.216       0      602.563    83,5 NerdCulture               4.2.9      500
Thu 27.06.2024 00:01:15    7.216      +1      602.291    83,5 NerdCulture               4.2.9      500
Wed 26.06.2024 00:01:08    7.215      +1      601.689    83,4 NerdCulture               4.2.9      500
Tue 25.06.2024 00:00:03    7.214       0      601.279    83,3 NerdCulture               4.2.9      500
Mon 24.06.2024 00:00:12    7.214       0      600.804    83,3 NerdCulture               4.2.9      500

Wed 03.07.2024 14:11

Critical D-Link DIR-859 Router Flaw to steal Passwords.

The security issue was disclosed in January and is currently tracked as CVE-2024-0769 (9.8 severity score).
D-Link is not expected to release a fixing patch for CVE-2024-0769, so owners of the device should switch to a supported device as soon as possible.

labs.greynoise.io/grimoire/202

Although D-Link DIR-859 WiFi router model reached end-of-life (EoL) and no longer receives any updates, the vendor still released a security advisory explaining that the flaw exists in the "fatlady.php" file of the device, affects all firmware versions, and allows attackers to leak session data, achieve privilege escalation and gain full control via the admin panel.

Contents of the retrieved configuration file
[ImageSource: GreyNoise]

The researchers explain that threat actors are targeting the 'DEVICE.ACCOUNT.xml' file to dump all account names, passwords, user groups and user descriptions present on the device.

Malicious POST request
[ImageSource: GreyNoise]

The attack leverages a malicious POST request to '/hedwig.cgi,' exploiting CVE-2024-0769 to access sensitive configuration files ('getcfg') via the 'fatlady.php' file, which potentially contains user credentials.

[Public] Replies: 0 Boosts: 0 Favs: 0 · via Metatext

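A detection sketch for the request pattern described in the post, added here as an example (it is not code from the post or from GreyNoise): it flags POST requests to `/hedwig.cgi` whose body references both `getcfg` and `DEVICE.ACCOUNT.xml`. The log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Indicators taken from the post: the endpoint and the strings it names.
ENDPOINT = "/hedwig.cgi"
BODY_MARKERS = ("getcfg", "device.account.xml")

# Assumed log format (constructed for this example): a proxy or IDS that
# records client address, request line and a request-body excerpt.
LINE_RE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" body="(?P<body>.*)"$'
)

def classify(line):
    """Return 'account-dump', 'other-post' or None for one log line."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    # Normalise: decode percent-encoding twice, drop the query string, lowercase.
    path = unquote(unquote(m["path"])).split("?", 1)[0].lower()
    if not path.endswith(ENDPOINT):
        return None
    body = unquote(unquote(m["body"])).lower()
    if all(marker in body for marker in BODY_MARKERS):
        return "account-dump"  # body asks for the account file via getcfg
    return "other-post"        # POST to the endpoint with other content

def scan(lines):
    """Return (source, verdict) for every log line that matches."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample lines; bodies are shortened placeholders, not captured traffic.
SAMPLE = [
    '203.0.113.7 "POST /hedwig.cgi HTTP/1.1" body="[...]getcfg/DEVICE.ACCOUNT.xml[...]"',
    '203.0.113.7 "POST /HEDWIG.cgi HTTP/1.1" body="[...]getcfg%2FDEVICE.ACCOUNT.xml[...]"',
    '198.51.100.4 "POST /hedwig.cgi HTTP/1.1" body="[...]"',
    '192.0.2.10 "GET /index.php HTTP/1.1" body=""',
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE):
        print(src, verdict)
```

An `account-dump` hit from a WAN-side source against a DIR-859 means the device's stored account data should be treated as exposed.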