Researcher Publishes Details on ten Unpatched D-Link Router Flaws

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
South Korean security researcher Pierre Kim has published details about ten vulnerabilities he discovered in the firmware of D-Link DIR 850L routers.

The researcher published the details without giving D-Link the chance to fix the flaws. Kim says he took this step after reporting similar issues in D-Link products in February that the company ignored.

Kim publishes details on high-impact vulnerabilities
The reported flaws can be exploited from both the router's internal (LAN) and external (WAN) connections to grant attackers the ability to intercept traffic, upload malicious firmware, or get root privileges.

In addition, the researcher also discovered vulnerabilities in the MyDLink cloud service that device owners use to connect to their routers at home, from a remote connection, via Internet.

Below are summaries for all the flaws Kim discovered:

1) Lack of proper firmware protection allows an attacker to upload a new firmware to the router. D-Link 860L firmware revision A has no protection at all, while revision B firmware images come with a hardcoded password that attackers can extract and gain access to the firmware.
2) Cross-site scripting (XSS) flaw when accessing the router admin panel from both the LAN and WAN interfaces allow attackers to steal the authentication cookies and gain access to the device.
3) Attackers can retrieve admin password from routers, and use it to associate users' routers with their own MyDLink cloud accounts, effectively taking control over the device.
4) MyDLink cloud protocol works via a TCP tunnel that doesn't use proper encryption, exposing communications between the user's router and the MyDLink account.
5) The private encryption keys for this TCP tunnel are hardcoded in the firmware and attackers can extract them to perform MitM attacks.
6) Backdoor account via Alphanetworks / wrgac25_dlink.2013gui_dir850l
7) Attackers can alter DNS settings via non-authenticated HTTP requests.
8) Router exposes local files. Also stores credentials in cleartext.
9) Router's internal DHCP client is vulnerable to command injection attacks that allow attackers access to root-level actions.
10) DOS flaw allows attackers can crash router daemons.
Click to expand...
 
  • Like
Reactions: Weebarra, silversurfer, frogboy and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
Security News D-Link says it is not fixing four RCE flaws in DIR-846W routers
Replies
0
Views
1,791
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • +Reputation
    • Like
Security News Taiwanese government warns of hidden backdoor in D-Link routers
Replies
0
Views
1,710
Security News
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • +Reputation
    • Like
    • Wow
Security News TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
Replies
5
Views
2,222
Security News
I Walk MY Way
I Walk MY Way

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top