6 New Vulnerabilities Found in D-Link Routers
Recently, Palo Alto Networks security researchers discovered 6 new vulnerabilities with D-Link wireless home routers that let the attackers launch remote attacks.
The vulnerabilities were found with the DIR-865L model of D-Link routers, which are mostly used in home-based environments. The current scenario going on in almost the whole world is working from home, so this vulnerability may be a serious threat.
The researchers observed 6 such vulnerabilities with the newer models of the firmware.
The following 6 vulnerabilities were observed:
The vulnerabilities were found to be within the controller of the web interface of the router, an attacker with authentication, or by having an active session cookie can inject an arbitrary code to execute in administrative privileges.
Below is the malicious HTTP request:
Multiple webpages of router web interface found to be vulnerable to CSRF. This allows an attacker to sniff the web traffic and to gain access to password-protected pages of the web interface.
Data transferred with the SharePort Web Access portal on port 8181 found to be not encrypted and it allows the attacker to determine the password.
The session cookie generation found to be predictable. The attacker can determine the session cookie by just knowing the user’s login time.
The login credentials found to be stored in plain text. For this, the attacker must have physical access to steal the passwords.
If the authentication type is selected as Wired Equivalent Privacy (WEP) for guest wifi network, by the administrator, which was deprecated in 2004 then passwords will be sent cleartext.
All these vulnerabilities when combined allow the attacker to run arbitrary commands, upload malware, steal credentials, exfiltrate data, or delete data.
It is recommended to consider the following best practices:
- The web interface of the router was found to be vulnerable to CSRF and even the session cookies were predictable. The defense against these is to include a CSRF token within a relevant request and the token should be an unpredictable one with high entropy, as for session tokens in general.
- The login passwords were found to be in plain text. For this the passwords transmitted to and from must be encrypted.
- Since, the WEP was deprecated in 2004, therefore the network administrators must select a different type of authentication such as WPA/WPA2/WPS.
- D-Link fixed these vulnerabilities with the routers. The users are recommended to update the firmware of their routers as soon as possible. The firmware can be found on the D-Link website where they announced the vulnerabilities.