Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities. If exploited, the vulnerabilities could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and launch denial-of-service attacks. The Taiwanese networking equipment maker confirmed the issues in an advisory on December 1, adding that the patches were under development for two of three flaws, which have now been released to the public at the time of writing. The vulnerabilities stem from the fact that the vulnerable component, the “Lua CGI,” is accessible without authentication and lacks server-side filtering.
Source: https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html