Researchers have found several vulnerabilities that can be exploited to take full control of some D-Link routers, and patches do not appear to be available. Serious flaws have also been discovered in routers from Linksys.
The security holes affecting D-Link devices were discovered by a research team at the Silesian University of Technology in Poland. The bugs impact the httpd server of several D-Link routers, including DWR-116, DWR-111, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, and DWR-921.
One of the vulnerabilities, tracked as CVE-2018-10822, is a directory traversal issue that allows remote attackers to read arbitrary files using a simple HTTP request. The vulnerability was previously reported to D-Link and tracked as CVE-2017-6190, but the vendor failed to address it in many of its products.
This flaw can be exploited to gain access to a file that stores the device’s admin password in clear text. The storage of passwords in clear text is the second vulnerability, identified as CVE-2018-10824.
Since this security hole poses a serious risk and is easy to exploit, the researchers have not disclosed the exact location of the file storing the admin passwords.
Once authenticated, an attacker can exploit a third vulnerability, tracked as CVE-2018-10823, to execute arbitrary commands and take full control of the device. A video shows how exploitation works:
D-Link was notified of the vulnerabilities back in May and it promised to release a patch for DWR-116 and DWR-111 devices, along with a security alert for products that have reached end of life. However, no patches appear to have been released to date and the researchers have decided to make their findings public.
“D-Link is aware of and investigating the reported multiple vulnerabilities in eight D-Link routers. We will provide updates as soon as we have more information,” D-Link told SecurityWeek.
In the meantime, the security holes can be mitigated by ensuring that the router is not accessible from the Internet.
Vulnerabilities in Linksys E-Series routers
Researchers at Cisco Talos discovered several vulnerabilities in E-Series routers from Linksys. Multiple OS command injection flaws can be exploited to hack a device and install malware on it.
Unlike the vulnerabilities in D-Link products, the ones found by Talos can only be exploited by an authenticated attacker and the vendor has released patches.
*Updated with statement from D-Link
Related: Unpatched D-Link Router Vulnerabilities Disclosed
Related: Over a Million Dasan Routers Vulnerable to Remote Hacking
Related: D-Link Patches Code Execution, XSS Flaws in Management Tool