A security researcher named Pierre Kim discovered and published ten vulnerabilities within the firmware of D-Link DIR 850L Wireless AC1200 Dual-Band Gigabit Cloud Routers. Additionally, several flaws were found in the MyDLink cloud service. Successful exploitation of these vulnerabilities could allow a threat actor to steal authentication cookies, gain unauthorized access, upload malicious firmware, take control of the affected device, or cause a denial-of-service condition. The NJCCIC recommends all users and administrators of the D-Link DIR 850L routers and the MyDLink cloud service review Pierre Kim’s security advisory and consider discontinuing the use of these products as there was no coordinated disclosure with the company and a patch is not currently available.

AdvisoryNJCCICD-Link, Router