D-Link patches remote code execution flaw in DSL-3788 models
Take action: This one is fairly fresh - both as a flaw and as speed of remediation. Not attacked yet, although that will happen eventually. If you are running DSL-3788 routers, check the firmware update. If you are affected, patch quickly. If not affected, just plan a regular update.
Learn More
A critical security vulnerability has been reported to D-Link for their DSL-3788 routers that allows unauthenticated remote code execution (RCE).
The vulnerability (No CVE available but considered critical) was reported on November 25, 2024, by Max Bellia from SECURE NETWORK BVTECH and was publicly disclosed on January 27, 2025. The vulnerability exists in the COMM_MakeCustomMsg function of the libssap library used by the webproc CGI.
It allows attackers to send specially crafted sessionid requests to the webproc CGI and enables unauthenticated remote code execution.
The vulnerability impacts D-Link DSL-3788 routers with hardware revision B2 running firmware version v1.01R1B036_EU_EN or earlier in non-US regions.
D-Link has released a security patch in firmware version v1.01R1B037, released on January 27, 2025. The company strongly recommends users to pdate to the latest firmware version immediately.
There is currently no information available about active exploitation of this vulnerability in the wild.
