D-Link remote access vulnerabilities remain unpatched

The worst one could allow a remote attacker to change DNS settings

D-Link routers have several unpatched vulnerabilities, the worst of which could allow an attacker to gain total control over a device, according to a systems engineer in Canada.

Peter Adkins, who does security research in his free time, released details of the flaws on Thursday. Adkins said in a phone interview that he has been in intermittent contact with D-Link since Jan. 11 on the issues, but the company has not indicated when it might patch.

"I believe it's probably better for the end user to know that these exist than be completely in the dark for months on end while the vendor prepares patches," he said.

D-Link officials did not have an immediate comment.

Adkins published an extensive writeup of his findings on GitHub. The most serious problem is a cross-site request forgery (CSRF) vulnerability, a type of Web application flaw, Adkins said.

The flaw can be exploited if an attacker can lure a user into visiting a specially crafted malicious Web page that delivers an HTML form using JavaScript, he said.

The form accesses a service running on the router called ncc/ncc2 which does not filter out malicious commands. The ncc/ncc2 service appears to handle dynamic requests, such as updating usernames and passwords, Adkins said.

As a result, an attacker can gain full access to the router and perform actions such as launching a telnet service or changing a router's DNS (Domain Name System) settings, an attack known as pharming.

Changing DNS settings is particularly dangerous, as it means a victim who types in the correct domain name for a website in a Web browser can end up on a fraudulent one.

Many routers have a defensive mechanism that is designed to block CSRF requests. But Adkins said the D-Link models he tested do not have that capability.
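
The kind of check such a defensive mechanism performs, as an added example that is not code from Adkins's advisory or from D-Link firmware: a state-changing request is accepted only if it originates from the router's own pages and carries the session's token. The function names, the `csrf_token` field and the sample requests are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Hypothetical model of a router admin interface. The function names and the
# "csrf_token" form field are assumptions for illustration.
STATE_CHANGING = {"POST", "PUT", "DELETE"}


def same_origin(headers):
    """True when Origin (or Referer as a fallback) names the addressed host."""
    source = headers.get("Origin") or headers.get("Referer")
    host = headers.get("Host", "").lower()
    if not source or not host:
        return False                       # missing header: treat as untrusted
    return urlsplit(source).netloc.lower() == host


def allow_request(method, headers, form, session_token):
    """Reject state-changing requests that fail the origin or token check."""
    if method.upper() not in STATE_CHANGING:
        return True                        # settings must never change on GET
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    return bool(session_token) and hmac.compare_digest(
        supplied.encode(), session_token.encode())


# Constructed sample requests: a form auto-submitted by another site, and the
# same setting changed from the router's own admin page.
SESSION_TOKEN = "constructed-session-token"
CROSS_SITE = ("POST",
              {"Host": "192.168.0.1", "Origin": "http://malicious.example"},
              {"dns_server": "198.51.100.7"})
OWN_PAGE = ("POST",
            {"Host": "192.168.0.1", "Origin": "http://192.168.0.1"},
            {"dns_server": "192.0.2.1", "csrf_token": SESSION_TOKEN})


def check_samples():
    """Return the decision for each constructed request."""
    return {
        "cross_site": allow_request(*CROSS_SITE, SESSION_TOKEN),
        "own_page": allow_request(*OWN_PAGE, SESSION_TOKEN),
    }
```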

Adkins also found other problems in the ncc/ncc2 service that involved accepting remote requests without authentication.

For example, he found he could access some diagnostic functions through the ncc/ncc2 service, which also could be abused to launch telnet. Adkins said he thinks that functionality might have been left in place so ISPs could run diagnostic tests on a router. But it still has nasty security consequences.

He also found it is possible to upload files to the file systems of the routers. That again is due to a fault in the ncc/ncc2 service, which allows for firmware upgrades to be uploaded using an HTTP POST request.

If a person tries to do that but isn't logged into the router, the device will display a warning. However, Adkins found that an uploaded file is written to the file system anyway before that warning is displayed.

Also, an uploaded file is stored in the same place where the system configurations are kept, which means an attacker could overwrite DNS settings.
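
The ordering flaw described above, modelled as an added example that is not code from D-Link firmware or from Adkins's advisory: one handler writes the upload before checking the login, the other checks first and writes only to a separate staging directory. All function names, paths and the `dns.conf` file are assumptions constructed for illustration.

```python
import os
import tempfile

# Hypothetical model of a router upload endpoint. Function names, paths and
# the dns.conf file are assumptions for illustration, not D-Link firmware.

def handle_upload_vulnerable(config_dir, filename, body, authenticated):
    """Flawed ordering described in the article: write first, check later."""
    with open(os.path.join(config_dir, filename), "wb") as f:
        f.write(body)                      # reaches disk before any check
    if not authenticated:
        return 401, "not authorized"       # warning shown, file remains
    return 200, "upload accepted"


def handle_upload_hardened(staging_dir, filename, body, authenticated):
    """Check the session first, then write only into a separate staging area."""
    if not authenticated:
        return 401, "not authorized"       # nothing touched on disk
    safe_name = os.path.basename(filename)
    if safe_name != filename or safe_name in ("", ".", ".."):
        return 400, "invalid filename"     # no path components allowed
    with open(os.path.join(staging_dir, safe_name), "wb") as f:
        f.write(body)
    return 200, "upload staged"


def demo():
    """Send one unauthenticated upload to each handler; return status and stored DNS settings."""
    results = {}
    for name in ("vulnerable", "hardened"):
        with tempfile.TemporaryDirectory() as root:
            config_dir = os.path.join(root, "config")
            staging_dir = os.path.join(root, "staging")
            os.makedirs(config_dir)
            os.makedirs(staging_dir)
            settings = os.path.join(config_dir, "dns.conf")
            with open(settings, "wb") as f:
                f.write(b"dns=192.0.2.1\n")           # constructed setting
            upload = b"dns=198.51.100.7\n"            # constructed upload
            if name == "vulnerable":
                status, _ = handle_upload_vulnerable(config_dir, "dns.conf", upload, False)
            else:
                status, _ = handle_upload_hardened(staging_dir, "dns.conf", upload, False)
            with open(settings, "rb") as f:
                results[name] = (status, f.read())
    return results
```

Both handlers answer the unauthenticated request with the same 401, so the response alone does not reveal whether the stored settings were replaced; only the file contents do.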

"Although it will pop back and say you are not authorized, it will go ahead and write that to the file system anyway," he said.

Adkins said this attack will only work if WAN management is enabled, which allows someone to remotely log into a router and change its settings.

Most users don't need that enabled and should shut it off, he said. But some router manufacturers have incorporated that capability as part of storage services they offer, Adkins said. Some routers have USB ports that allow consumers to plug in a hard drive and access its content remotely.

Many D-Link routers could be affected by all of the flaws. Adkins confirmed that D-Link's DIR-820L running firmware versions 1.02B10, 1.05B03 and 2.01b02 is vulnerable. He suspects other D-Link router models, which he lists in his advisory, could be affected, but he has not tested them.

A router from Trendnet, the TEW-731BR, was also affected, but that vendor has patched, Adkins said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Jeremy Kirk

IDG News Service