**Hackers exploit critical D-Link DIR-859 router flaw to steal passwords**
If you or anyone you know is using this device, now would be a good time to upgrade.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/
"Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
The security issue was disclosed in January and is currently tracked as CVE-2024-0769 (9.8 severity score) - a path traversal flaw that leads to information disclosure.
Although D-Link DIR-859 WiFi router model reached end-of-life (EoL) and no longer receives any updates, the vendor still released a security advisory explaining that the flaw exists in the "fatlady.php" file of the device, affects all firmware versions, and allows attackers to leak session data, achieve privilege escalation, and gain full control via the admin panel.
D-Link is not expected to release a fixing patch for CVE-2024-0769, so owners of the device should switch to a supported device as soon as possible."
#cybersecgirl
ava
npub1f6u…zcka
2024-06-30 03:39:02
Author Public Key
npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazckaPublished at
2024-06-30 03:39:02Event JSON
{
"id": "d586c632dfe100638e2e760dab0384fe6d9cf2149bc5fbd2f12453b1ff65fa9b",
"pubkey": "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d",
"created_at": 1719711542,
"kind": 1,
"tags": [
[
"t",
"cybersecgirl"
],
[
"r",
"https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/"
]
],
"content": "**Hackers exploit critical D-Link DIR-859 router flaw to steal passwords**\n\nIf you or anyone you know is using this device, now would be a good time to upgrade.\n\nhttps://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/\n\n\"Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.\n\nThe security issue was disclosed in January and is currently tracked as CVE-2024-0769 (9.8 severity score) - a path traversal flaw that leads to information disclosure.\n\nAlthough D-Link DIR-859 WiFi router model reached end-of-life (EoL) and no longer receives any updates, the vendor still released a security advisory explaining that the flaw exists in the \"fatlady.php\" file of the device, affects all firmware versions, and allows attackers to leak session data, achieve privilege escalation, and gain full control via the admin panel.\n\nD-Link is not expected to release a fixing patch for CVE-2024-0769, so owners of the device should switch to a supported device as soon as possible.\"\n\n#cybersecgirl\n",
"sig": "ee648ef1a8a92e8d28657683f098662b9f9e25b5fef94d3328539f3a470e6af1c9c9ac7f54bd817117458792afdfa102bcfdb583fef75b78310f49eca7942ca9"
}