Security researchers from Trustwave were able to access various areas of the D-Link router DSL – 2888 A without valid login data. Now the manufacturer has released a security update.

The DSL – 2888 A has a total of five gaps (CVE – 55 – 24577, CVE – 2020 – 24578, CVE – 2020 – 24579, CVE – 2020 – 24580, CVE – 2020 – 24581) attackable. Classifications of the degree of threat are not yet available.

In two cases, attackers can access actually protected areas (authentication page and index.html) without a password. The security researchers also found out that attackers can see hashes of admin passwords, among other things.

Update now! In a warning message, D-Link lists the version v.AU_1. 12 as the affected firmware . In the edition of AU_2. 31 _ V1.1. 47 ae 55 the developers have closed the gaps.

In a post on the vulnerabilities, the security researchers state that the gaps were closed at the end of May 2020 to have reported to D-Link. The security patch has been since 30. October 2020 available. Now they have published details about the gaps.

(des)