How to find D-Link DIR-846W routers on your network

runZero Team

Updated September 3, 2024, 5:40pm EDT

Latest D-Link vulnerabilities #

Security researcher yali-1002 has disclosed several vulnerabilities in D-Link’s DIR-846W routers. These vulnerabilities allow the execution of arbitrary code via specially-crafted requests.

CVE-2024-41622 is rated critical with CVSS score of 9.8.
CVE-2024-44340 is rated high with CVSS score of 8.8.
CVE-2024-44341 is rated critical with CVSS score of 9.8.
CVE-2024-44342 is rated critical with CVSS score of 9.8.

D-Link has acknowledged these vulnerabilities, but noted these devices are no longer supported. As such, no fixes will be released for these vulnerabilities.

What is the impact? #

Successful exploitation of these vulnerabilities result in devices allowing attackers to perform remote code execution (RCE) by sending special requests to vulnerable devices.

Are updates or workarounds available? #

D-Link has indicated that the vulnerable systems stopped being supported in 2020 and no further updates will be released. Users are urged to replace vulnerable systems with supported systems.

How to find potentially vulnerable systems with runZero #

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

mac_vendor:"D-Link"

Written by runZero Team

Great research and development is a team effort! Multiple runZero team members collaborated on this post. Go team!

More about runZero Team

Explore more

Watch Now • On Demand

Vulnerability management is broken: what's the fix?

HD Moore and Omdia analyst Rik Turner discuss why traditional vulnerability management is struggling in modern IT infrastructures, why CVEs don’t tell the full story, and why prioritization alone isn’t enough to close critical security gaps.

Watch Now