The flawed devices are the D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers, the list of vulnerabilities includes the lack of proper firmware protection, backdoor access, command injection attacks resulting in root access and several cross-site scripting (XSS) flaws.
An attacker could exploit the vulnerabilities to intercept traffic, upload malicious firmware, and get full control over the affected routers.
Kim sustains that “the D-Link DIR 850L is a router overall badly designed with a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused.”
“Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused.” wrote Kim in a blog post.
This isn’t the first time Kim spots flaws in D-Link products, in October 2016 he reported multiple vulnerabilities in D-Link DWR-932B LTE router, but the Taiwan-based firm ignored them.
At the time, users are invited avoid using the affected D-Link router in order to be safe from such attacks.
“I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” Kim wrote.
Below the list of zero-day vulnerabilities disclosed by Kim that affect D-Link DIR 850L revision A and revision B:
(Security Affairs – D-Link 850L Wireless Routers. zero-day)