Fortinet Discovers D-Link DIR-550A/604M Routers Remote Code Execution Vulnerability
Fortinet's FortiGuard Labs has discovered a remote code execution vulnerability in some routers shipped by the company D-Link.
D-Link manufactures a series of network routers directly competing with Linksys or Asus routers.
A malicious user can forge a HTTP request to inject operating system commands that can be executed on the device with higher privileges.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released May 10, 2018
Currently we are unaware of any vendor supplied patch or updates available for this issue.
Fortinet reported the vulnerability to D-Link on January 2, 2018.
D-Link confirmed the vulnerability on January 19, 2018.
This vulnerability was discovered by David Maciejak of Fortinet's FortiGuard Labs.