D-Link releases firmware patch resolving bypass flaw in enterprise switches

0
51
D-Link DGS-1510

D-Link has released a beta version of firmware update for one of its enterprise swith series DGS-1510 WebSmart. Latest firmware patch fixes a number of vulnerabilities which allow to bypass the authentication process and potentially cause a data loss. The security flaws had been discovered by security researchers Varang Amin and Aditya K Sood at the end of January.

Varang Amin explained in an interview that a remote attacker can exploit the discovered flaws from any location on the internet and execute malicious commands on the target device. “A remote attacker can exploit the authentication bypass vulnerabilities to execute remote and local commands on the D-Link enterprise switch,” said Varang Amin. Amin and his colleagues have detected dozens of vulnerable enterprise switches accessible via the internet, but the researchers found it difficult to provide exact figures since they didn’t carried out any special study.

Affected DGS-1510 Models:

DGS-1510-28XMP
DGS-1510-28X
DGS-1510-52X
DGS-1510-52
DGS-1510-28P
DGS-1510-28
DGS-1510-20

Affected Firmware Versions:

All Firmware prior to:
1.31.B003

including older firmware
1.30.007
1.20.011

Dlink’s detailed information about the CVE-2017-6206 vulnerability can be found on this page.

LEAVE A REPLY

Please enter your comment!
Please enter your name here