Router Flaws Fixed after Disclosure

Friday, March 6, 2015 @ 04:03 PM gHale


D-Link created updates for its DIR-820L router to fix multiple vulnerabilities in the device, one of them allowing a remote attacker complete takeover.

Independent researcher, Peter Adkins found the vulnerabilities and sent the findings to the manufacturer January 11, but the company failed to reply to requests regarding mitigation of the problems or to come up with a patch, so the researcher made his discoveries public February 26.

RELATED STORIES
Routers Vulnerable to DNS Changes
Router Flaw Found
90 Days: Google Reveals 3 OS X Zero Days
Google Discloses Windows 8.1 Flaw

D-Link released a security advisory Monday saying an investigation found other routers (DIR-626L/DIR-636L/DIR-808L/DIR-810L/DIR-826L/DIR-830L/DIR-836) were vulnerable as well.

New firmware is currently available for DIR-820L, while updates for the rest of the devices will roll out by March 10.

The most dangerous flaw uncovered by Adkins refers to gaining root access to the router through a CSRF (cross-site request forgery) attack by tricking the victim into visiting a malicious web page.

This would allow unauthorized access to the DNS (domain name system) configuration, which is designed to direct the device to a legitimate server in charge of converting domain names into IP addresses so the correct website loads in the web browser.

The pre-requisite for successful exploitation of the glitches is for the router to have the remote network management enabled. The default setting for this option in the affected routers is “off.”

D-Link recommends applying the updates as soon as they become available. Until then, one mitigation could be to disable WAN management on the device.



Leave a Reply

You must be logged in to post a comment.