Vulnerabilities in D-Link, Comba Routers Can Leak Credentials

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
Researchers have discovered vulnerabilities in D-Link and Comba Telecom routers that can leak passwords for the devices and have the potential to affect every user on networks that use them for access.

Trustwave SpiderLabs Security Researcher Simon Kenin discovered the vulnerabilities—two in a D-Link DSL modem typically installed to connect a home network to an ISP, and three in multiple Comba Telecom WiFi devices–which Trustwave unveiled in a blog post Tuesday.
“All the vulnerabilities involve insecure storage of credentials, including three where cleartext credentials are available to any user with network access to the device,” according to the post

Since a home user’s router is the gateway in and out of his or her entire network, Trustwave cautioned users to take the vulnerabilities very seriously.
“An attacker-controlled router can manipulate how your users resolve DNS hostnames to direct your users to malicious websites,” the company wrote in the post. “An attacker-controlled router can deny access in and out of the network perhaps blocking your users from accessing important resources or blocking customers from accessing your website.”
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
the two D-Link vulnerabilities affect the D-Link DSL-2875AL and the DSL-2875AL and also the DSL-2877AL, respectively. The first Coomba vulnerability discovered affects the AC2400 Wi-Fi Access Controller, and the other two affect the Comba AP2600-I WiFi Access Point (version A02,0202N00PD2), according to Trustwave.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top