D-Link Patches Vulnerabilities

Wednesday, March 18, 2015 @ 12:03 PM gHale

Two separate vulnerabilities where an attacker could control specific D-Link devices ended up mitigated with a new firmware release.

One of the glitches, CVE-2015-2050, has the highest severity score as per the CVSS metrics and resides in the update mechanism of the DAP-1320 Rev Ax firmware version 1.11.

Schneider Mitigates Buffer Overflow
Cimon Fixes DLL Hijacking Vulnerability
ABB Updates HART Device DTM
SCADA Engine Fixes OPC Server Holes

Executing commands on a vulnerable device is possible due to faulty sanitization of special elements used in commands for the operating system.

This can occur after intercepting the network traffic, an advisory from the CERT division at Carnegie Mellon University said.

To mitigate this issue, users should apply D-Link’s update to version 1.21b05.

The second vulnerability, CVE-2015-2049, affects DCS-930L, DCS-931L, DCS-932L, and DCS-933L Wi-Fi camera models from D-Link and can end up exploited to remotely upload arbitrary files from a third-party machine.

A specific write location can end up assigned for the rogue data and the risk consists in the fact an attacker can create, modify or delete data, as well as execute code.

The threat actor would have to end up authenticated in order to be able to upload the data to the vulnerable device, but the flaw can also suffer exploitation through CSRF (cross-site request forgery) attacks.

In this case, an authenticated victim can end up tricked into launching a malicious link containing the tasks performed in the device’s web-based administration console.

The calculated score for this weakness is 9.0, as exploiting it is not complex in nature and requires little information gathering. In addition, the impact is high, as the attacker can completely take over the device.

CVE-2015-2049 affects all firmware versions lower than 1.04. D-Link published firmware updates for all the affected products. Users should apply the new patch as soon as possible, officials said.

Leave a Reply

You must be logged in to post a comment.