D-Link Patches RCE Bugs in Wireless Access Point Gear

[silversurfer]

Four vulnerabilities were disclosed in D-Link’s software controller tool used in its enterprise-class wireless network access points. The disclosure, made on Thursday, also included two vulnerabilities that enabled attackers to remotely execute code with system permissions.

The flaws were discovered by a researcher with SecureAuth + Core Security. The bugs are tied to firmware controlling D-Link’s wireless access point gear called Central WiFiManager Software Controller, a tool used to help network administrators manage and monitor their wireless access point workflow via a centralized server.

Impacted are the software, the host system it runs one and D-Link devices managed, said D-Link said in a disclosure notice published to its site: “This disclosure directly affects the software package and current installations should be update with the new released available to download below. Failure to update may put this software package, the host computer it runs on, and D-Link devices that it manages at risk.”

Source: https://threatpost.com/d-link-patches-rc...ar/137960/