LTS Secure Warning: Flaws found in D-Link routers

Kaspersky Lab security researchers have discovered four serious vulnerabilities in D-Link DIR-620 wireless router firmware, that can provide access to attackers from anywhere from the world.

These vulnerabilities originally identified in firmware version 1.0.37, later in other versions (1.3.1, 1.3.3, 1.4.0, and 2.0.22).

Technical Details

The latest version of the D-Link firmware has hardcoded credentials, that can provide access to attackers to the firmware and helps to steal confidential data.

Currently, there are 4 critical vulnerabilities that are reported and all the vulnerabilities contain the high severity rate that causes very serious damages.

  1. Reflected cross-site scripting (CVE-2018-6212) – First is a reflected cross-site scripting (XSS) vulnerability in the firmware’s web portal.
  2. Default credentials for web dashboard (CVE-2018-6213) – The second vulnerability involves hard-coded, privileged credentials found by analyzing the firmware’s binaries.
  3. OS command injection (CVE-2018-6211) – An OS command injection vulnerability is possible as a result of incorrect processing of the user’s input data in the following parameter.
  4. Default credentials for Telnet (CVE-2018-6210) – By using the command injection above an attacker can extract Telnet credentials for the router, which are also hardcoded into the firmware.

Impact

This vulnerability mostly affects D-Link wireless router firmware versions (1.3.1, 1.3.3, 1.4.0, and 2.0.22).

Recommended Actions

  • Restrict web dashboard using pre-approved IP address.
  • Restrict any access to Telnet.
  • Regularly update router admin username and password.

 

Kaspersky Lab has released a security advisory about D-Link Routers Vulnerabilities on May 23, 2018.