Researcher Publishes Details on Unpatched D-Link Router Flaws

By | September 11th, 2017

South Korean security researcher Pierre Kim has published details about ten vulnerabilities he discovered in the firmware of D-Link DIR 850L routers.

Below are summaries for all the flaws Kim discovered:

1) Lack of proper firmware protection allows an attacker to upload new firmware to the router. D-Link 860L firmware revision A has no protection at all, while revision B firmware images come with a hardcoded password that attackers can extract to gain access to the firmware.
2) A cross-site scripting (XSS) flaw in the router admin panel, reachable from both the LAN and WAN interfaces, allows attackers to steal the authentication cookies and gain access to the device.
3) Attackers can retrieve the admin password from routers and use it to associate users’ routers with their own MyDLink cloud accounts, effectively taking control of the device.
4) MyDLink cloud protocol works via a TCP tunnel that doesn’t use proper encryption, exposing communications between the user’s router and the MyDLink account.
5) The private encryption keys for this TCP tunnel are hardcoded in the firmware and attackers can extract them to perform MitM attacks.
6) Backdoor account via Alphanetworks / wrgac25_dlink.2013gui_dir850l
7) Attackers can alter DNS settings via non-authenticated HTTP requests.

Nisheeth Bhakuni