D-Link Abandons DIR-846W Routers: Critical Vulnerabilities Left Unpatched

D-Link is warning that four critical RCE flaws in its DIR-846W router won’t be fixed due to end-of-support status. Users are urged to retire the product immediately to avoid security risks.

3P
Published: September 3, 2024 3:48 pmAdded: September 3, 2024 at 9:12 amAssembled by: The Editor
Pro Dashboard

Hot Take:

D-Link’s latest announcement is like the landlord telling you the roof is on fire but they’re not fixing it because you’re living in an old apartment. Instead, they suggest you move out before the whole place goes up in flames. Classic!

Key Points:

  • D-Link’s DIR-846W router has four new Remote Code Execution (RCE) flaws.
  • Three of these are rated critical, affecting all hardware and firmware versions.
  • The flaws, discovered by researcher yali-1002, are not being fixed as the router is no longer supported.
  • The vulnerabilities have high CVSS v3 scores, up to 9.8, indicating severe risks.
  • D-Link advises users to retire the router immediately but offers some mitigation steps if that’s not possible.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?