"D-Link Wi-Fi Range Extender Vulnerable to Command Injection Attacks"

The popular D-Link DAP-X1860 Wi-Fi 6 range extender is vulnerable to Denial-of-Service (DoS) and remote command injection. The product is listed as available on D-Link's website and has thousands of reviews on Amazon, indicating that it is a popular option among consumers. A group of German researchers known as RedTeam who discovered the vulnerability, tracked as CVE-2023-45208, report that despite repeated attempts to alert D-Link, the vendor has remained quiet, and no patches have been issued. The issue resides within D-Link DAP-X1860's network scanning functionality. An attacker within the extender's range can establish a Wi-Fi network and deceptively name it something similar to what the target is familiar with but include a tick in the name, such as 'Olaf's Network.' This article continues to discuss the vulnerability of the popular D-Link DAP-X1860 Wi0Fi 6 range extender to DoS attacks and remote command injection.

Bleeping Computer reports "D-Link Wi-Fi Range Extender Vulnerable to Command Injection Attacks"

Submitted by grigby1