Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769
Cybersecurity experts have observed threat actors exploiting a critical vulnerability, CVE-2024-0769, in D-Link DIR-859 WiFi routers. This path traversal issue, with a CVSS score of 9.8, allows attackers to access sensitive information such as user passwords. The vulnerability is being exploited through a modified public exploit targeting the 'DEVICE.ACCOUNT.xml' file, which contains account names, passwords, user groups, and descriptions. Attackers send a malicious POST request to '/hedwig.cgi' to access configuration files and potentially take full control of the device. D-Link has declared the DIR-859 routers End of Life (EoL), indicating that they will not receive a patch for this flaw. GreyNoise warns that the disclosed information from these devices will remain valuable to attackers as long as the devices are connected to the internet. The researchers suggest that D-Link customers replace their EoL devices to mitigate the risk. CVEs: CVE-2024-0769 [View Article](https://buaq.net/go-248090.html)