D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers are vulnerable to 10 safety issues, including "several trivial" cross-site scripting (XSS) flaws, lack of proper firmware protection, backdoor access, too command injection attacks resulting inwards root access.
If successfully exploited, these vulnerabilities could permit hackers to intercept connection, upload malicious firmware, too transcend root privileges, enabling them to remotely hijack too command affected routers, every bit good every bit network, leaving all connected devices vulnerable to cyber attacks every bit well.
These zero-day vulnerabilities were discovered past times Pierre Kim—the same safety researcher who final twelvemonth discovered too reported multiple severe flaws inwards D-Link DWR-932B LTE router, simply the companionship ignored the issues.
The same happened inwards February, when the researcher reported ix safety flaws inwards D-Link products simply disclosed the vulnerabilities citing a "very badly coordinated" disclosure alongside D-Link.
So, Kim opted to publicly discover the details of these zero-day flaws this fourth dimension too published their details without giving the Taiwan-based networking equipment maker the adventure to laid upwards them.
Here's the listing of 10 zero-day vulnerabilities demeanour on both D-Link 850L revision Influenza A virus subtype H5N1 too revision B Kim discovered:
- Lack of proper firmware protection—since the protection of the firmware images is non-existent, an aggressor could upload a new, malicious firmware version to the router. Firmware for D-Link 850L RevA has no protection at all, acre firmware for D-Link 850L RevB is protected simply alongside a hardcoded password.
- Cross-site scripting (XSS) Flaws—both LAN too WAN of D-Link 850L RevA is vulnerable to "several trivial" XSS vulnerability, allowing an aggressor "to purpose the XSS to target an authenticated user inwards lodge to pocket the authentication cookies."
- Retrieve admin passwords—both LAN too WAN of D-Link 850L RevB are every bit good vulnerable, allowing an aggressor to recollect the admin password too purpose the MyDLink cloud protocol to add together the user's router to the attacker's job organisation human relationship to gain total access to the router.
- Weak cloud protocol—this number affects both D-Link 850L RevA too RevB. MyDLink protocol plant via a TCP tunnel that purpose no encryption at all to protect communications betwixt the victim's router too the MyDLink account.
- Backdoor Access—D-Link 850L RevB routers conduct maintain backdoor access via Alphanetworks, allowing an aggressor to transcend a root trounce on the router.
- Private keys hardcoded inwards the firmware—the soul encryption keys are hardcoded inwards the firmware of both D-Link 850L RevA too RevB, allowing to extract them to perform man-in-the-middle (MitM) attacks.
- No authentication check—this allows attackers to modify the DNS settings of a D-Link 850L RevA router via non-authenticated HTTP requests, forrad the traffic to their servers, too accept command of the router.
- Weak files permission too credentials stored inwards cleartext—local files are exposed inwards both D-Link 850L RevA too RevB. In addition, routers shop credentials inwards clear text.
- Pre-Authentication RCEs every bit root—the internal DHCP customer running on D-Link 850L RevB routers is vulnerable to several command injection attacks, allowing attackers to gain root access on the affected devices.
- Denial of Service (DoS) bugs—allow attackers to crash around daemons running inwards both D-Link 850L RevA too RevB remotely via LAN.
Kim advised users to cutting the connections alongside the affected D-Link router inwards lodge to hold out prophylactic from such attacks.
According to Kim, "the Dlink 850L is a router overall badly designed alongside a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused."
You tin transcend total details of all 10 zero-day vulnerabilities on Kim's website every bit good every bit on safety mailing lists.
The safety of D-Link products has late been questioned when the the U.S. Federal Trade Commission, FTC sued the company before this year, alleging that the lax safety left its products too therefore, "thousands of consumers" vulnerable to hackers.
