D-Link, a renowned networking solutions provider, has recently issued patches to address two critical vulnerabilities discovered in its network management suite, posing potential risks of authentication bypass and remote code execution.
The vulnerabilities, identified as CVE-2023-32165 and CVE-2023-32169, were initially detected by security researchers participating in Trend Micro’s Zero Day Initiative (ZDI) towards the end of last year. Among the various vulnerabilities found, these two stood out as the most concerning. CVE-2023-32165 is classified as a remote code execution flaw capable of executing arbitrary code with SYSTEM privileges, while CVE-2023-32169 is an authentication bypass vulnerability leading to privilege escalation, unauthorized access to information, and potential malware installation.
Both vulnerabilities have been assigned a severity score of 9.8, indicating their critical nature. The affected software version is D-View 8 version 2.9.1.27 and earlier. Approximately two weeks ago, D-Link released the necessary patches to rectify the vulnerabilities and is now urging users to promptly apply the patches to ensure system security.
In a security advisory, D-Link stated, “As soon as D-Link was made aware of the reported security issues, we had promptly started our investigation and began developing security patches.” However, the company cautioned users that the patch released is currently labeled as “beta software or hot-fix release,” implying that further changes might occur in subsequent updates. It is essential to note that the D-View software may exhibit instability or crash after the patch has been applied.
Additionally, D-Link advised users to verify the hardware revision of their endpoints through the underside label or web configuration panel. This step is crucial to ensure the correct firmware update is downloaded and installed, mitigating the risk of inadvertently applying the wrong patch.
Taking immediate action to apply the provided patches is of utmost importance to safeguard networks utilizing D-View and protect against potential exploitation by threat actors. By addressing these critical vulnerabilities, D-Link is demonstrating its commitment to maintaining the security and integrity of its products and ensuring the ongoing protection of its users’ networks.
