Path Traversal Vulnerability in D-Link DIR-859
CVE-2024-0769

5.3MEDIUM

Key Information:

Vendor
D-link
Status
Dir-859
Vendor
CVE Published:
21 January 2024

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

Summary

The first article discusses a critical vulnerability in the D-Link DIR-859 1.06B01 router that allows for path traversal and potential remote attacks. The CVE-2024-0769 vulnerability affects unsupported D-Link routers and can lead to information disclosure. Hackers are actively exploiting this flaw to gather account information, including passwords, from vulnerable routers. Since the routers are end-of-life, they are not expected to be patched, posing long-term exploitation risks. The second article highlights a zero-day flaw in Cisco NX-OS Software, tracked as CVE-2024-20399, that is being exploited by a China-nexus cyber espionage group known as Velvet Ant. This flaw enables attackers to execute arbitrary commands as root on affected devices, specifically switches in the Nexus series, and upload additional files and execute code. The article emphasizes the challenges of monitoring network appliances and the potential impact of this vulnerability.

Affected Version(s)

DIR-859 1.06B01

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0769 - Proof of Concept

News Articles

favicon imageThe Hacker News

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

China-linked hackers exploit Cisco switch flaw to deliver malware. Unpatched D-Link routers expose user accounts.

6 months ago

favicon imageThe Cyber Express

Vulnerability In EOL D-Link DIR-859 Routers Exploited

The D-Link DIR-859 WiFi routers have been found to have a path traversal vulnerability (CVE-2024-0769) that allows for information disclosure.

6 months ago

favicon imageSecurity Affairs

Threat actors actively exploit D-Link DIR-859 router flaw

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers.

7 months ago

References

https://vuldb.com/?id.251666
vdb-entrytechnical-description
https://vuldb.com/?ctiid.251666
signaturepermissions-required
https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0...
exploit

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ“°

    First article discovered by BleepingComputer

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Françoa Taffarel
francoa.taffarel (VulDB User)
francoa.taffarel (VulDB User)
.