Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Critical Vulnerabilities Allow Takeover of D-Link Routers

Researchers have found several vulnerabilities that can be exploited to take full control of some D-Link routers, and patches do not appear to be available. Serious flaws have also been discovered in routers from Linksys.

Researchers have found several vulnerabilities that can be exploited to take full control of some D-Link routers, and patches do not appear to be available. Serious flaws have also been discovered in routers from Linksys.

The security holes affecting D-Link devices were discovered by a research team at the Silesian University of Technology in Poland. The bugs impact the httpd server of several D-Link routers, including DWR-116, DWR-111, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, and DWR-921.

One of the vulnerabilities, tracked as CVE-2018-10822, is a directory traversal issue that allows remote attackers to read arbitrary files using a simple HTTP request. The vulnerability was previously reported to D-Link and tracked as CVE-2017-6190, but the vendor failed to address it in many of its products.

This flaw can be exploited to gain access to a file that stores the device’s admin password in clear text. The storage of passwords in clear text is the second vulnerability, identified as CVE-2018-10824.

Since this security hole poses a serious risk and is easy to exploit, the researchers have not disclosed the exact location of the file storing the admin passwords.

Once authenticated, an attacker can exploit a third vulnerability, tracked as CVE-2018-10823, to execute arbitrary commands and take full control of the device. A video shows how exploitation works:

D-Link was notified of the vulnerabilities back in May and it promised to release a patch for DWR-116 and DWR-111 devices, along with a security alert for products that have reached end of life. However, no patches appear to have been released to date and the researchers have decided to make their findings public.

Advertisement. Scroll to continue reading.

“D-Link is aware of and investigating the reported multiple vulnerabilities in eight D-Link routers. We will provide updates as soon as we have more information,” D-Link told SecurityWeek.

In the meantime, the security holes can be mitigated by ensuring that the router is not accessible from the Internet.

Vulnerabilities in Linksys E-Series routers

Researchers at Cisco Talos discovered several vulnerabilities in E-Series routers from Linksys. Multiple OS command injection flaws can be exploited to hack a device and install malware on it.

Unlike the vulnerabilities in D-Link products, the ones found by Talos can only be exploited by an authenticated attacker and the vendor has released patches.

*Updated with statement from D-Link

Related: Unpatched D-Link Router Vulnerabilities Disclosed

Related: Over a Million Dasan Routers Vulnerable to Remote Hacking

Related: D-Link Patches Code Execution, XSS Flaws in Management Tool

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.