Path Traversal Vulnerability in D-Link DIR-859
CVE-2024-0769

9.8CRITICAL

Key Information:

Vendor

D-link
Status
Dir-859
Vendor
CVE Published:
21 January 2024

Badges

💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 70%🦅 CISA Reported📰 News Worthy

What is CVE-2024-0769?

The first article discusses a critical vulnerability in the D-Link DIR-859 1.06B01 router that allows for path traversal and potential remote attacks. The CVE-2024-0769 vulnerability affects unsupported D-Link routers and can lead to information disclosure. Hackers are actively exploiting this flaw to gather account information, including passwords, from vulnerable routers. Since the routers are end-of-life, they are not expected to be patched, posing long-term exploitation risks. The second article highlights a zero-day flaw in Cisco NX-OS Software, tracked as CVE-2024-20399, that is being exploited by a China-nexus cyber espionage group known as Velvet Ant. This flaw enables attackers to execute arbitrary commands as root on affected devices, specifically switches in the Nexus series, and upload additional files and execute code. The article emphasizes the challenges of monitoring network appliances and the potential impact of this vulnerability.

CISA has reported CVE-2024-0769

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-0769 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

DIR-859 1.06B01

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0769 - Proof of Concept

News Articles

favicon imageThe Hacker News

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CISA adds 3 critical vulnerabilities to KEV catalog, affecting AMI MegaRAC, D-Link, and Fortinet, urging mitigations by July 2025.

2 weeks ago

favicon imageThe Hacker News

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

China-linked hackers exploit Cisco switch flaw to deliver malware. Unpatched D-Link routers expose user accounts.

favicon imageThe Cyber Express

Vulnerability In EOL D-Link DIR-859 Routers Exploited

The D-Link DIR-859 WiFi routers have been found to have a path traversal vulnerability (CVE-2024-0769) that allows for information disclosure.

References

https://vuldb.com/?id.251666
vdb-entrytechnical-description
https://vuldb.com/?ctiid.251666
signaturepermissions-required
https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0...
exploit

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🦅

    CISA Reported

  • 💰

    Used in Ransomware

  • 📰

    First article discovered by BleepingComputer

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Françoa Taffarel
francoa.taffarel (VulDB User)
francoa.taffarel (VulDB User)
.