Friday, February 24, 2017

DIR-300 and DIR-600: security holes in D-Link routers

Update from 7th February 2013: An update has been released for the major security holes in the D-Link DIR-300 and DIR-600 routers. The DIR-300 Rev.B gets firmware 2.14b01. The DIR-600 Rev.B1 and B2 are updated to firmware 2.15b01, and firmware 2.15b01 is now available for the DIR-600 Rev.B5 as well.


No firmware update from D-Link


Original report from February 6, 2013: Security expert Michael Messner describes in his blog how he found several security holes in the D-Link DIR-300 and DIR-600 routers. The firmware can be compromised and malicious code injected with little effort.


Affected D-Link router firmware


With a simple POST parameter, routers running the affected firmware can be made to execute Linux commands with root privileges. The vulnerability is the result of insufficient access restrictions and missing input validation. No password is required to execute malicious code or commands on the router.


In this way, the router password can also be changed, for example, without the current password being requested. Many routers can be reached directly over the Internet, so the malicious commands can be sent to them remotely. But routers that are not directly accessible over the Internet are not safe either. An attacker could lure victims to a prepared website, which then sends the script call to the router over the local network via Cross-Site Request Forgery (CSRF). The attacker would then have access to the firmware of the D-Link routers.


Michael Messner informed router manufacturer D-Link as early as mid-December 2012 about the security hole he had found. The manufacturer then checked the problem and told the security expert that the vulnerability was a user / browser problem. For this reason, D-Link would not be working on a fix or a firmware update to resolve the problem. Messner tried several times to send further details to D-Link in order to make the seriousness of the hole clear. However, after he failed to convince the router manufacturer to release a firmware update, he decided to publish his findings.


The security expert Michael Messner found the security holes in the following firmware versions:


DIR-300: Version 2.13 of 07.11.2012 (latest firmware), version 2.12 of 18.01.2012


DIR-600: Version 2.14b01 of 22.01.2013 (current firmware), version 2.13b01 of 07.11.2012, version 2.12b02 of 17.01.2012
