
CISA Issues Alert on D-Link Path Traversal Vulnerability Targeted in Attacks

Security researchers have confirmed active exploitation of CVE-2024-0769, a critical path traversal vulnerability (CVSS 9.8) affecting all D-Link DIR-859 WiFi routers.

This flaw enables unauthenticated attackers to access sensitive configuration files, extract credentials, and gain full device control.

The routers reached end-of-life (EoL) in December 2020, meaning no security patches will be released, leaving devices permanently vulnerable.

Vulnerability Mechanics and Exploitation

The flaw resides in the /hedwig.cgi HTTP POST request handler, where the value of the service argument is used to build a file path without being confined to its intended directory, allowing directory traversal.

Attackers supply values such as ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml to escape the expected directory and read arbitrary files on the device (CWE-22: Improper Limitation of a Pathname to a Restricted Directory).

Observed exploits target DEVICE.ACCOUNT.xml to extract:

  • Usernames and passwords
  • User group permissions
  • Account descriptions

GreyNoise Labs confirmed in-the-wild attacks using modified public exploit code, with malicious POST requests sent to /hedwig.cgi.

The exploit leverages the router's fatlady.php file to access configuration data, potentially exposing firewall settings, NAT rules, and access controls.

Risks and Threat Landscape

With a score of 87/100 on the SOCRadar Vulnerability Risk Score (SVRS) scale, compromised routers enable:

  1. Full device takeover: Attackers gain admin panel access for DNS hijacking, traffic interception, or botnet enrollment.
  2. Network compromise: Stolen credentials facilitate lateral movement within connected networks.
  3. Permanent exposure: EoL status guarantees zero patches, making every internet-facing DIR-859 a persistent threat.

CISA added CVE-2024-0769 to its Known Exploited Vulnerabilities (KEV) catalog on June 25, 2025, noting that federal agencies must remediate by July 16, 2025.

Mitigation and Replacement Imperatives

D-Link's advisory calls for immediate retirement of the device.

For organizations unable to replace routers immediately, the following steps reduce exposure while a replacement is sourced:

  • Disable remote (WAN-side) management so that /hedwig.cgi is not reachable from the internet.
  • Implement VPNs for encrypted traffic.
  • Rotate admin passwords every 72 hours. Note that rotation only shortens the useful life of stolen credentials; it does not prevent the unauthenticated read of DEVICE.ACCOUNT.xml, which returns whatever password is current.
  • Monitor logs for anomalous POST requests to /hedwig.cgi, in particular request bodies whose service parameter contains ../ sequences (plain or percent-encoded) pointing into htdocs/webinc/getcfg/.

Federal agencies must comply with Binding Operational Directive (BOD) 22-01 by the July 16 deadline, isolating or decommissioning affected devices.

These measures limit exposure but do not fix the flaw. No vendor workaround exists; replacement with supported hardware remains the only secure option.
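The following detector shows what the log-monitoring step above amounts to in practice, using the request shape described in the vulnerability mechanics section (a POST to /hedwig.cgi whose service parameter climbs out of its directory with ../). It is an added example written for this article, not code from D-Link, GreyNoise, or CISA. The tab-separated log format, the client addresses, and the sample requests are all constructed for the example; the benign service value WIFI.PHYINF is a placeholder and not claimed to be a real DIR-859 service name. The two target filenames in KNOWN_TARGETS are the ones the article reports.

```python
"""Flag CVE-2024-0769-style traversal attempts against /hedwig.cgi in access logs.

Added example, not the article's or vendor's code. The log format is an
assumption: one request per line as
    <client_ip> TAB <method> TAB <path-with-optional-query> TAB <body>
A real deployment would adapt parse_line() to its proxy or IDS log format.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/hedwig.cgi"
# A '..' path component bounded by '/' or the string ends.
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")
# Files the article reports as targets of in-the-wild requests.
KNOWN_TARGETS = {"DEVICE.ACCOUNT.xml", "DHCPS6.BRIDGE-1.xml"}

# Constructed sample log lines (not real traffic). Addresses are documentation ranges.
SAMPLE_LOG = [
    # benign request; WIFI.PHYINF is a placeholder service name
    "10.0.0.5\tPOST\t/hedwig.cgi\tservice=WIFI.PHYINF&",
    # plain traversal to the credential file named in the article
    "203.0.113.7\tPOST\t/hedwig.cgi\tservice=../../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml&",
    # single percent-encoding of the slashes
    "198.51.100.9\tPOST\t/hedwig.cgi\tservice=..%2F..%2F..%2F..%2Fhtdocs%2Fwebinc%2Fgetcfg%2FDHCPS6.BRIDGE-1.xml",
    # double percent-encoding of dots and slashes
    "198.51.100.9\tPOST\t/hedwig.cgi\tservice=%252e%252e%252f%252e%252e%252fhtdocs%252fwebinc%252fgetcfg%252fDEVICE.ACCOUNT.xml",
    # same parameter sent in a GET query string instead of a POST body
    "192.0.2.44\tGET\t/hedwig.cgi?service=../../../../etc/passwd\t",
    # traversal against a different path: out of scope for this rule
    "192.0.2.45\tPOST\t/other.cgi\tservice=../../../../etc/passwd",
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e%252f -> ../) so an
    encoded payload cannot slip past a literal '../' match."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(service):
    """True if the decoded service value contains a '..' path component."""
    decoded = fully_decode(service).replace("\\", "/")
    return bool(TRAVERSAL_RE.search(decoded))


def parse_line(line):
    """Split one constructed log line into (client, method, target, body)."""
    client, method, target, body = line.rstrip("\n").split("\t", 3)
    return client, method, target, body


def extract_service(method, target, body):
    """Pull the 'service' parameter from the POST body (the handler the
    article describes) or, for other methods, from the query string."""
    query = body if method == "POST" else urlsplit(target).query
    params = parse_qs(query, keep_blank_values=True)
    values = params.get("service")
    return values[0] if values else None


def scan_log(lines):
    """Return one finding per request to /hedwig.cgi whose service parameter
    uses directory traversal, with the file it reaches for."""
    findings = []
    for line in lines:
        client, method, target, body = parse_line(line)
        if urlsplit(target).path != TARGET_PATH:
            continue
        service = extract_service(method, target, body)
        if service is None or not is_traversal(service):
            continue
        decoded = fully_decode(service).replace("\\", "/")
        filename = posixpath.basename(decoded)
        findings.append({
            "client": client,
            "method": method,
            "file": filename,
            "known_target": filename in KNOWN_TARGETS,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The rule is deliberately scoped to the /hedwig.cgi path so that it stays quiet on unrelated traversal noise, and it decodes the parameter repeatedly before matching so that percent-encoded and double-encoded variants of the public exploit are caught alongside the plain form. A GET carrying the same parameter is reported too, since the cost of reviewing one extra event is lower than missing a variant.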


The post CISA Issues Alert on D-Link Path Traversal Vulnerability Targeted in Attacks appeared first on Cyber Security News.
