Critical Vulnerability in D-Link DIR-859 1.06B01 Allowing Path Traversal

Summary

The first article discusses a critical vulnerability in the D-Link DIR-859 1.06B01 router that allows for path traversal and potential remote attacks. The CVE-2024-0769 vulnerability affects unsupported D-Link routers and can lead to information disclosure. Hackers are actively exploiting this flaw to gather account information, including passwords, from vulnerable routers. Since the routers are end-of-life, they are not expected to be patched, posing long-term exploitation risks. The second article highlights a zero-day flaw in Cisco NX-OS Software, tracked as CVE-2024-20399, that is being exploited by a China-nexus cyber espionage group known as Velvet Ant. This flaw enables attackers to execute arbitrary commands as root on affected devices, specifically switches in the Nexus series, and upload additional files and execute code. The article emphasizes the challenges of monitoring network appliances and the potential impact of this vulnerability.

News Articles

The Hacker News

CVE-2024-0769

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

China-linked hackers exploit Cisco switch flaw to deliver malware. Unpatched D-Link routers expose user accounts.

3 months ago

The Cyber Express

CVE-2024-0769

Vulnerability In EOL D-Link DIR-859 Routers Exploited

The D-Link DIR-859 WiFi routers have been found to have a path traversal vulnerability (CVE-2024-0769) that allows for information disclosure.

3 months ago

Security Affairs

CVE-2024-0769

Threat actors actively exploit D-Link DIR-859 router flaw

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers.

3 months ago

More News...