D-Link has released a beta firmware update for one of its enterprise switch series, the DGS-1510 WebSmart. The latest firmware patch fixes a number of vulnerabilities that allow an attacker to bypass the authentication process and could potentially cause data loss. The security flaws were discovered by security researchers Varang Amin and Aditya K Sood at the end of January.
Varang Amin explained in an interview that a remote attacker can exploit the discovered flaws from any location on the internet and execute malicious commands on the target device. “A remote attacker can exploit the authentication bypass vulnerabilities to execute remote and local commands on the D-Link enterprise switch,” said Varang Amin. Amin and his colleagues have detected dozens of vulnerable enterprise switches accessible via the internet, but the researchers found it difficult to provide exact figures since they didn’t carry out any special study.
Affected DGS-1510 Models:
Affected Firmware Versions:
All Firmware prior to:
including older firmware
D-Link’s detailed information about the CVE-2017-6206 vulnerability can be found on this page.