Below are summaries for all the flaws Kim discovered:
1) Lack of proper firmware protection allows an attacker to upload a new firmware to the router. D-Link 860L firmware revision A has no protection at all, while revision B firmware images come with a hardcoded password that attackers can extract and gain access to the firmware.
2) Cross-site scripting (XSS) flaw when accessing the router admin panel from both the LAN and WAN interfaces allow attackers to steal the authentication cookies and gain access to the device.
3) Attackers can retrieve admin password from routers, and use it to associate users’ routers with their own MyDLink cloud accounts, effectively taking control over the device.
4) MyDLink cloud protocol works via a TCP tunnel that doesn’t use proper encryption, exposing communications between the user’s router and the MyDLink account.
5) The private encryption keys for this TCP tunnel are hardcoded in the firmware and attackers can extract them to perform MitM attacks.
6) Backdoor account via Alphanetworks / wrgac25_dlink.2013gui_dir850l
7) Attackers can alter DNS settings via non-authenticated HTTP requests.
2) Cross-site scripting (XSS) flaw when accessing the router admin panel from both the LAN and WAN interfaces allow attackers to steal the authentication cookies and gain access to the device.
3) Attackers can retrieve admin password from routers, and use it to associate users’ routers with their own MyDLink cloud accounts, effectively taking control over the device.
4) MyDLink cloud protocol works via a TCP tunnel that doesn’t use proper encryption, exposing communications between the user’s router and the MyDLink account.
5) The private encryption keys for this TCP tunnel are hardcoded in the firmware and attackers can extract them to perform MitM attacks.
6) Backdoor account via Alphanetworks / wrgac25_dlink.2013gui_dir850l
7) Attackers can alter DNS settings via non-authenticated HTTP requests.
