Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Flaw in D-Link Switches Exposes Corporate Networks: Researchers

A vulnerability in certain D-Link smart switches can be exploited by remote attackers to access log and configuration files without any authentication credentials, researchers claim.

A vulnerability in certain D-Link smart switches can be exploited by remote attackers to access log and configuration files without any authentication credentials, researchers claim.

Independent security researcher Varang Amin and Aditya Sood, chief architect at Elastica’s Cloud Threat Labs, reported discovering a flaw in DGS-1210 Series Gigabit Smart Switches from D-Link.D-Link DGS-1210

According to the experts, these types of switches can be configured to store backup files, including logs, firmware and configuration files, on a web server or in the device’s flash memory. The problem is that there are no proper authorization and authentication controls, allowing an attacker to access the backup files found both on the flash memory and the web server. Sood and Amin have pointed out that the web server’s root directory is easily accessible.

“Usually, when the backup option is selected, the log files and configuration file are stored on the flash drive. Logs are enabled by default in many versions, but a majority of administrators have backup configured so downloading these files is easy,” Sood told SecurityWeek.

Researchers say the configuration and log files from the flash memory can be accessed remotely simply by knowing the targeted device’s IP address.

“Once the configuration file is accessed, all the details about the switch, including configuration, username, etc., can be obtained by the attacker. For example, the configuration can be uploaded on another switch (purchased from the market) to obtain the details. Log files reveal information about the clients that accessed the switch and other infrastructure-related information,” Sood told SecurityWeek. “Compromising network switches can have disastrous consequences as the attacker can control the traffic flow.”

Sood says the flaw was reported to D-Link on October 7, but the company has yet to release a fix for it.

The researchers disclosed their findings recently at the ToorCon security conference, but exploit details have not been made public to give the vendor time to address the issue. The networking firm has not responded to SecurityWeek’s inquiries regarding the availability of a patch.

UPDATE. Sood informed SecurityWeek that D-Link released a patch for the vulnerability on January 20, 2016.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.