Router Holes Disclosed

Friday, September 8, 2017 @ 04:09 PM gHale

There are multiple unpatched vulnerabilities with D-Link DIR-850L routers and mydlink cloud services.

Along those lines, researcher Pierre Kim, who discovered the vulnerabilities, issued his findings without D-Link releasing a fix.

Apache Struts Fixes Remote Attack Hole
Locky Ransomware Back with Gusto
Ransomware has Manufacturing Focus
Users Learning, But Ransomware Still a Problem
Ransomware Shuts Down SMBs

“Their previous lack of consideration about security made me publish this research without coordinated disclosure,” Kim said in a blog post. “I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.”

The researcher discovered in mid-June revisions A and B of the DIR-850L firmware lack proper protection. The former allows an attacker to easily forge a firmware image, while the latter is protected with a hardcoded password.

He also found several cross-site scripting (XSS) vulnerabilities that can be exploited to steal authentication cookies from logged-in users. Hackers could also exploit various flaws to change a router’s DNS settings and forward the victim’s traffic to a malicious server, cause some services to enter a denial-of-service (DoS) condition, and execute arbitrary commands as root via the DHCP client.

Vulnerabilities identified by Kim in the mydlink cloud service, which allows users to access their D-Link devices from anywhere over the Internet, can be exploited by an unauthenticated hacker to remotely associate a targeted device with their own mydlink account, obtain device passwords — which are in many cases stored or transmitted in clear text — and take complete control of the router.

Kim believes the vulnerabilities related to the cloud service could also affect other D-Link products, including network-attached storage (NAS) devices and cameras. The expert has published detailed technical information for each of the security holes he found.

The vulnerabilities come on the heels of a February problem with the Dlink DWR-932B.

“A personal point of view: at best, the vulnerabilites are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor,” Kim said in a post back in Feburary. Not all the vulnerabilities found have been disclosed in this advisory. Only the significant ones are shown.”

Leave a Reply

You must be logged in to post a comment.