Patches are available for the vulnerability, which affects D-Link's consumer-grade routers.
A buffer overflow vulnerability discovered in several D-Link wired and wireless routers could allow attackers to execute arbitrary code and potentially compromise entire networks.
eEye Digital Security, an Aliso Viejo, Calif.-based security firm, issued an advisory on the vulnerability Monday. The company had notified D-Link about the flaw in February.
The vulnerability affects the Local Area Network (LAN) interface of several of D-Link's consumer-grade routers, and a company spokesperson said the Fountain Valley, Calif.-based networking vendor has released patches for download on its Web site.
Mike Puterbaugh, vice president of marketing at eEye, said the vulnerability is serious given the widespread use of D-Link routers in small-business and home networks. "The footprint of D-Link's install base is significant, and this could have potentially turned into a big issue," he said.
eEye rated the severity of the flaw as "high." Danish security firm Secunia rated the vulnerability "moderately critical," and Symantec gave the flaw a "10," its highest severity rating.
Attackers could exploit the vulnerability by sending an excessively long M-search string to a device, triggering a stack-based buffer overflow. M-search commands are sent by devices attempting to connect to Universal Plug and Play (UPnP) networks to find other devices on the network, eEye said.
If successful, attackers could gain the ability to execute arbitrary code and apply modified firmware that could eventually allow them to compromise the whole network, according to eEye.
However, attackers would have to have users' wireless settings or administrator password to exploit the flaw, which causes the router to reboot but doesn't create a denial-of-service situation, the D-Link spokesperson said.
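The over-long M-search string reaching a stack buffer, as eEye describes it, comes down to a missing length check before a copy. As an added example (not code from eEye, D-Link or the original article), this C routine parses an SSDP M-SEARCH datagram and rejects an oversized search-target value instead of copying it; the choice of the ST header as the checked field, the 128-byte cap and all function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define ST_MAX 128  /* assumed cap on the ST value; not taken from the advisory */
enum { MS_OK = 0, MS_NOT_MSEARCH = -1, MS_NO_ST = -2, MS_TOO_LONG = -3 };

/* Copy the ST header value of an M-SEARCH datagram into st_out.
 * buf need not be NUL-terminated; len is the length returned by recvfrom(). */
int parse_msearch(const char *buf, size_t len, char st_out[ST_MAX])
{
    static const char req[] = "M-SEARCH * HTTP/1.1\r\n";
    size_t pos = sizeof req - 1;

    if (len < pos || memcmp(buf, req, pos) != 0)
        return MS_NOT_MSEARCH;

    while (pos < len) {
        const char *line = buf + pos;
        const char *eol = memchr(line, '\n', len - pos);
        size_t linelen = eol ? (size_t)(eol - line) : len - pos;

        pos += linelen + 1;                          /* step past this line */
        if (linelen && line[linelen - 1] == '\r') linelen--;
        if (linelen == 0) break;                     /* blank line ends the headers */
        if (linelen < 3 || strncasecmp(line, "ST:", 3) != 0) continue;

        const char *val = line + 3;
        size_t vlen = linelen - 3;
        while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
        if (vlen >= ST_MAX) return MS_TOO_LONG;      /* reject; never copy past the buffer */
        memcpy(st_out, val, vlen);
        st_out[vlen] = '\0';
        return MS_OK;
    }
    return MS_NO_ST;
}

int main(void)
{
    /* Constructed sample datagram, not captured traffic. */
    const char dgram[] = "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                         "MAN: \"ssdp:discover\"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n";
    char st[ST_MAX];
    int rc = parse_msearch(dgram, sizeof dgram - 1, st);
    printf("rc=%d st=%s\n", rc, rc == MS_OK ? st : "-");
    return 0;
}
```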