Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution

guest · Oct 7, 2019

Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution
October 3, 2019
https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html

In September 2019, Fortinet's FortiGuard Labs discovered and reported an unauthenticated command injection vulnerability (FG-VD-19-117/CVE-2019-16920) in D-Link products that could lead to Remote Code Execution (RCE) upon successful exploitation. We rated this as a critical issue since the vulnerability can be triggered remotely without authentication.
Conclusion
In conclusion, the root cause of the vulnerability is due to the lack of a sanity check for arbitrary commands executed by the native system command execution, which is a typical security pitfall suffered by many firmware manufacturers.

FortiGuard Labs has rated the vulnerability CVE-2019-16920 in the affected D-Link products to be a high severity level risk. It is crucial for D-Link users to upgrade to a new product immediately, as those devices are EOL according to the vendor.
Click to expand...

Based on our findings, the vulnerability was found in latest firmware of the following D-Link products:

DIR-655

DIR-866L

DIR-652

DHP-1565

Click to expand...

guest · Oct 7, 2019

D-Link router remote code execution vulnerability will not be patched
The security issue won’t be resolved, considering the age of the products
October 7, 2019
https://www.zdnet.com/article/d-link-routers-contain-remote-code-execution-vulnerability/

The security researchers disclosed their findings to D-Link on September 22. Within 24 hours the hardware vendor had confirmed the vulnerability, and three days later, D-Link said that as the products are at End of Life (EOL) support, no patch will be released.

Given the age of these routers, it is not surprising that D-Link has chosen not to issue a fix. Our devices -- and their firmware -- all have an expiry date and eventually support does end, and therefore users of these routers should consider replacing their aging products to mitigate the risk of exploit.
Click to expand...

guest · Oct 23, 2019

CERT Coordination Center (CERT/CC)
Multiple D-Link routers vulnerable to remote command execution
Vulnerability Note VU#766427
October 23, 2019
https://kb.cert.org/vuls/id/766427/

Overview
Multiple D-Link routers are vulnerable to unauthenticated remote command execution.
Description
Several D-Link routers contain CGI capability that is exposed to users as /apply_sec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: [...]
Impact
By performing an HTTP POST request to a vulnerable router's /apply_sec.cgi page, a remote, unauthenticated attacker may be able to execute commands with root privileges on an affected device. This action can happen as the result of viewing a specially-crafted web page.
Solution
The CERT/CC is currently unaware of a practical solution to this problem. The devices listed above are no longer supported by D-Link.
Click to expand...
Code:
The following devices are reported to be vulnerable:
• DIR-655
• DIR-866L
• DIR-652
• DHP-1565
• DIR-855L
• DAP-1533
• DIR-862L
• DIR-615
• DIR-835
• DIR-825

guest · Nov 19, 2019

D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List
November 20, 2019
https://threatpost.com/d-link-wont-fix-router-bugs/150438/

D-Link has warned that more of its routers are vulnerable to critical flaws that allow remote hackers to take control of hardware and steal data. The routers won’t be fixed, said D-Link, explaining that the hardware has reached its end-of-life and will no longer receive security updates.

The vulnerability is identified as a remote code-execution (RCE) flaw — a “bad authentication check” — impacting 13 model D-Link routers, according to a support announcement released Tuesday.
D-Link identified the additional affected models as: DIR-866, DIR-655, DHP-1565, DIR-652, DAP-1533, DGL-5500, DIR-130, DIR-330, DIR-615, DIR-825, DIR-835, DIR-855L and DIR-862.

Tuesday’s list of D-Link hardware include four never-before identified routers with an unauthorized RCE flaw – DIR-862, DIR-330, DGL-5500 and DIR-866.
Click to expand...

D-Link: Unauthenticated RCE for EoL routers

guest · Jan 2, 2020

Remote Command Execution Vulnerability Affects Many D-Link Routers
January 2, 2020
https://www.securityweek.com/remote-command-execution-vulnerability-affects-many-d-link-routers

Miguel Méndez Zúñiga and Pablo Pollanco of Telefónica Chile recently disclosed the details of the vulnerabilities in a couple of blog posts published on Medium.

According to D-Link, the company first learned of the vulnerabilities in mid-October, but its initial security advisory only listed DIR-859 routers as being affected — this was the model on which the researchers conducted their tests.
However, an updated advisory published by the company late last year shows that the vulnerabilities actually impact over a dozen D-Link DIR models, including ones that are no longer supported.

The remote command execution vulnerability, tracked as CVE-2019-17621, is related to how UPnP requests are handled and it can allow an unauthenticated attacker to take control of vulnerable devices.
However, exploitation requires access to the local area network (LAN) housing the router, which, D-Link says, “narrows the risk of an attack considerably.”
The information disclosure flaw allows an attacker to obtain a device’s VPN configuration file, which can contain sensitive information.
Click to expand...

guest · Dec 8, 2020

D-Link VPN routers get patch for remote command injection bugs
December 8, 2020
https://www.bleepingcomputer.com/ne...-get-patch-for-remote-command-injection-bugs/

An vulnerability in D-link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device.

The bug affects router models DSR-150, DSR-250/N, DSR-500, and DSR-1000AC running firmware version 3.17 or below.
Run commands with root privileges
Reported by Digital Defense's Vulnerability Research Team on August 11, the flaw is a root command injection that can be exploited remotely if the device's "Unified Services Router" web interface is reachable over the public internet.

"Consequently, a remote, unauthenticated attacker with access to the router’s web interface could execute arbitrary commands as root, effectively gaining complete control of the router" - Digital Defense
Click to expand...

D-Link has acknowledged the issue and published some details in an advisory earlier this month, saying that some LUA CGI are accessible without authentication and could be used to execute a LUA library function to pass user-supplied data.
The router manufacturer explains that an attacker can slip malicious data into a command designed to calculate a hash that is processed by the "os.popen()" function.
Click to expand...

guest · Dec 18, 2020

Multiple security flaws let hackers infiltrate D-Link routers
Five major vulnerabilities have been discovered
December 17, 2020
https://www.techradar.com/au/news/m...hackers-to-infiltrate-networks-via-the-router

Five major vulnerabilities have been discovered affecting D-Link routers by cybersecurity researchers working as part of Trustwave’s SpiderLabs team.

The bugs could enable attackers on the same Wi-Fi network to gain user credentials and remotely execute code on the victim’s router.
That disclosure, which was carried out by threat management firm Digital Defense only came to light earlier this month.
Click to expand...

The famous five
The first security flaw found by Zang involved insufficient authentication of the router’s admin page, which meant that any individual could browse an authenticated page without requiring the correct password.
[...]
As Zang states, D-Link has now patched the five vulnerabilities, but the company will be eager to show that it is capable of building routers that do not suffer from such serious flaws in the first place.
Click to expand...

Trustwave: D-Link: Multiple Security Vulnerabilities Leading to RCE

On the 30th of October, D-Link published a support announcement and released a new firmware to patch five vulnerabilities that Harold Zang, Technical Security Specialist at Trustwave, identified on the DSL-2888A router. These security vulnerabilities could allow a malicious Wi-Fi or local network user to gain unauthorised access to the router web interface, obtain the router password hash, gain plaintext credentials, and execute system commands on the router.
Finding-1: Insufficient Authentication (CVE-2020-24579)
Finding-2: Information Leakage (CVE-2020-24577)
Finding-3: FTP Misconfiguration (CVE-2020-24578)
Finding-4: Hidden Functionality (CVE-2020-24581)
Finding-5: Improper Authentication (CVE-2020-24580)
Click to expand...

Log in or Sign up

Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches