D-Link removes fingers from ears, preps mass router patch

Amnesia strikes as hacker discloses remote code exec flaws

Domestic router Daddy D-Link is patching dangerous remote access flaws in several models of its networking gear.

The patches follow a round of zero-day disclosures by Canadian researcher Peter Adkins early this week, after D-Link allegedly cut communication while he quietly disclosed the flaws.

The most severe flaw allowed attackers to hijack the devices including changing DNS settings by creating malicious sites which exploit cross-site request forgeries.

D-Link issued an advisory in which it warns DIR models 626L; 636L; 808L; 810L; 820L; 826L; 830, and 836L are open to remote code execution.

D-Link says attackers can upload and run files without authentication from the LAN-side of the device or over the internet if the "external connections" box was taken off default and ticked.

"A second vulnerability reportedly relates to the device’s ping utility that might permit command injection without authentication," the company says of Adkin's work.

"A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the devices configuration."

Adkins told El Reg ,many of the security failings in home routers could be put down to expansive feature sets.

"The platforms the devices are build upon may be solid - such as OpenWRT - but then additional services are 'bolted in' to provide value-add, and that security seems to go straight out of the window," Adkin says.

Other routers may be affected due to the location of ncc and ncc2 binaries Fellow router hackers Stefan Viehböck and Jeremy Richards found further flaws in five TRENDnet offerings since patched, plus another D-Link mess.

Adkins reports contact between D-Link and himself ceased around February 23 when D-Link, after confirming receipt of the vulnerability reports on 11 January, said they had no knowledge of the holes and directed him to the company security reporting guide.

The company recommends users run encrypted wireless to prevent the low chance that passing hackers would break into the networks.

Only the DIR-820L was patched. ®


Biting the hand that feeds IT © 1998–2017