D-Link routers contain a vulnerability that could be exploited by attackers to get root access remotely and run several attacks.
Once again security experts have found security vulnerabilities in home routers, these devices are a privileged target of cyber criminals that exploit the flaws in the software they run for several purposes. This time the flawed routers are manufactured by D-Link and contain a security vulnerability that expose them to remote attacks.
The attackers can get root access to the D-Link router by exploiting the flaw, this allows them to change setting to run various attacks like traffic redirection through DNS hijacking. Exactly one month ago, a similar flaw was discovered by the Bulgarian security expert Todor Donev, member of the Ethical Hacker research team in other devices. The expert discovered a critical vulnerability the ZynOS firmware, which is used by D-Link and many other devices from other vendors, including TP-Link and ZTE.
This new vulnerability affecting a number of D-Link home routers was discovered by the security researcher Peter Adkins which reported it to the vendor in January without success.
“Due to the nature of the the ping.ccp vulnerability, an attacker can gain root access, hijack DNS settings or execute arbitrary commands on these devices with the user simply visiting a webpage with a malicious HTTP form embedded (via CSRF),” Adkins said in a description of the issue on GitHub.
According to the advisory published on the SecLists.org, the vulnerability was discovered also by the researcher Tiago Caetano Henriques of Swisscom in November, also in this case the researcher reported it to D-Link company..
“The D-Link DIR636L (possibly others) incorrectly filters input on the ‘ping’ tool which allows to inject arbitrary commands into the router. Secondly, authentication is not being performed correctly. This enables a remote attacker to gain full control of the router, for example to attack other networks in a DDoS style attack, or even expose computers behind these devices to the internet as you are able to change firewall/nat rules on this router,” states the description of the flaw from Swisscom.
Adkins explained that other versions of D-Link routers and one router from TRENDnet are affected by the same vulnerability. The flawed version of D-Link routers are:
D-Link DIR-820L (Rev A) – v1.02B10
D-Link DIR-820L (Rev A) – v1.05B03
D-Link DIR-820L (Rev B) – v2.01b02
TRENDnet TEW-731BR (Rev 2) – v2.01b01
There are no patches available for the vulnerability right now. A
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.