D-Link product has a buffer overflow error

A buffer overflow security error has just been discovered in some D-Link wireless and wired network router products.

In a warning message issued yesterday (July 18), security firm eEye Digital Security said hackers could exploit this security flaw to execute binary code or take full control. network.

eEye is warning D-Link about this security error in February.

D-Link wireless router product.

D-Link spokesperson affirmed that the above security error arises in the LAN intranet console of some D-Link router router products, and said the fix was released. Users can download it through its website.

Mike Puterbaugh - eEye vice president of product promotion - said the newly discovered security flaw in D-Link products is really serious because its products are used a lot in Small business or home network. Therefore, this security error can cause great damage.

eEye evaluates this security error to a high level. Meanwhile, Secunia only ranked on average, and Symantec rated lowest - 10/10.

Hackers can exploit this security flaw by sending a long M-search string to the device that has failed to cause buffer overflow. M-search commands are sent to the device for the purpose of connecting to UPnP (Universal Plug and Play) networks to search for devices on those networks. If successful, an attacker can gain the right to execute binary code or hijack the entire network.

However, an attacker can only succeed if they find a user with administrative access to control wireless network settings. They can also control the router to restart or cause denial-of-service attacks, D-Link spokesman said.

D-Link recommends that users update the patches as soon as possible.

Hoang Dung