Jump to content
  • D-Link issues hotfix for hard-coded password router vulnerabilities


    Karlston

    • 905 views
    • 3 minutes
     Share


    • 905 views
    • 3 minutes

    D-Link issues hotfix for hard-coded password router vulnerabilities

    D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router.

     

    Following successful exploitation, they can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state.

     

    The DIR-3040 security flaws discovered and reported by Cisco Talos security researcher Dave McDaniel include hardcoded passwords, command injection, and information disclosure bugs.

    Authentication bypass via specially crafted requests

    The CVE-2021-21818 and CVE-2021-21820 hard-coded password and credentials vulnerabilities [1, 2] exist in the router's Zebra IP Routing Manager and the Libcli Test Environment functionality.

     

    Both of them allow threat actors targeting vulnerable D-Link DIR-3040 routers to bypass the authentication process configured by the software administrator.

     

    Attackers can trigger them by sending a sequence of specially crafted network requests that lead either to denial of service and code execution on the targeted router, respectively.

     

    CVE-2021-21819, a critical OS command injection vulnerability found in the router's Libcli Test Environment functionality, can also be abused by adversaries for code execution.

     

    Additionally, it makes it possible to start a "hidden telnet service can be started without authentication by visiting https:///start_telnet" and log into the Libcli test environment using a default password stored in unencrypted form on the router.

    Vulnerabilities addressed in firmware hotfix

    D-Link has resolved the bugs found in firmware version 1.13B03 and has issued a firmware hotfix for all affected customers on July 15, 2021, available for download here.

     

    The complete list of vulnerabilities addressed by D-Link with these hotfix includes:

     

    • CVE-2021-21816 - Syslog information disclosure vulnerability
    • CVE-2021-21817 - Zebra IP Routing Manager information disclosure vulnerability
    • CVE-2021-21818 - Zebra IP Routing Manager hard-coded password vulnerability
    • CVE-2021-21819 - Libcli command injection vulnerability
    • CVE-2021-21820 - Libcli Test Environment hard-coded password vulnerability

     

    D-Link says that the firmware hotfix released to address the bugs found by Cisco Talos is "a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release."

     

    The table below lists the vulnerable router models and links to the updated firmware version containing the fix.

     

    Model Hardware Revision Affected FW Fixed FW Recommendation Last Updated
    DIR-3040 All Ax Hardware Revisions v1.13B03 & Below v1.13B03 Hotfix

    1) Please Download Patch and Update Device

    2) Full QA Firmware under test for automatic F/W update notification on D-Link Wifi mobile App

    06/09/2021

     

    D-Link has patched other severe vulnerabilities in multiple router models in the past, including remote command injection bugs enabling attackers to take complete control of vulnerable devices.

     

    Previously, the company fixed five critical vulnerabilities impacting some of its routers that made it possible for threat actors to steal admin credentials, bypass authentication, and execute arbitrary code in reflected Cross-Site Scripting (XSS) attacks.

     

     

    D-Link issues hotfix for hard-coded password router vulnerabilities


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...