D-Link EXO AX4800 routers vulnerable to PoC exploit for RCE zero-day

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

The device is particularly popular in Canada and is still actively supported by the vendor. Security vulnerabilities in the DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root.

The vulnerability has been identified in devices running the latest firmware version, enabling unauthenticated remote command execution (RCE). The exploitation process involves a specially crafted HNAP login request to the router's management interface, bypassing authentication and exploiting a command injection vulnerability in the 'SetVirtualServerSettings' function.

Attempts to notify D-Link about the vulnerabilities have been unsuccessful, and users are advised to disable the device's remote access management interface until a security firmware update is released.