New vulnerabilities in D-Link routers have been discovered and exploited in the wild.
The three D-link vulnerabilities that raised concerns among cybersecurity experts were found in the D-Link DIR-600 router series.
The specific vulnerability, identified as CVE-2023-33625, relates to D-Link DIR-600 Hardware Version B5, Firmware Version 2.18.
The flaw involves a command injection vulnerability via the ST parameter in the lxmldbc_system() function. For those unaware, D-Link DIR-600 routers are commonly used for home and small office networks.
These D-link vulnerabilities stem from a lack of proper filtering mechanisms in the user-supplied data before passing it to the system().
Consequently, an attacker can send malicious data and exploit this vulnerability to execute arbitrary commands. This type of attack is known as the Pre-Authentication command injection.
D-Link vulnerabilities exploited in the wild
To understand the gravity of these D-Link vulnerabilities, let’s delve into the technical details.
The flaw resides in the ssdp.cgi binary, where the vulnerability occurs during the parsing of the HTTP request header field.
Attackers can leverage this weakness by manipulating the input to execute unauthorized commands, potentially compromising the security and integrity of the affected devices.
Given the severity of these D-Link vulnerabilities, it is crucial for D-Link DIR-600 users to take immediate action to safeguard their networks.
The affected hardware version is B5, while firmware version 2.18 is vulnerable to exploitation. As D-Link recommends, users are advised to update their firmware promptly to the latest version.
D-Link, a reputable networking equipment manufacturer, has acknowledged the vulnerabilities and is actively addressing the issue. Users are encouraged to visit D-Link’s official website (https://www.dlink.com/) for more information on the affected product.
Additionally, the firmware download address (https://www.dlinktw.com.tw/techsupport/ProductInfo.aspx?m=DIR-600) provides access to the latest firmware version, ensuring enhanced security measures.
D-Link fixes two critical vulnerabilities in D-Link D-View 8 network management suite
In May 2023, D-Link successfully resolved two critical vulnerabilities in its D-View 8 network management suite.
These vulnerabilities posed significant risks, including the potential for authentication bypass and the execution of arbitrary code.
D-Link’s D-View 8 network management suite is a valuable tool for customers, enabling them to efficiently monitor network performance, configure devices, and manage their networks.
On December 23, 2022, Trend Micro’s Zero Day Initiative (ZDI) reported these vulnerabilities to D-Link.
The first D-link vulnerability, identified as CVE-2023-32165, involved a flaw known as D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution. Exploiting this flaw did not require authentication, granting remote attackers the ability to execute arbitrary code.
The vulnerability stemmed from inadequate validation of user-supplied paths before employing them in file operations.
Consequently, an unauthorized attacker could use this flaw to execute code within the SYSTEM’s context. Andrea Micalizzi (also known as rgod) reported this vulnerability.
The second flaw, CVE-2023-32169, entailed an authentication bypass issue resulting from the TokenUtils class’s use of a hard-coded cryptographic key. Exploiting this vulnerability permitted attackers to bypass authentication on the targeted system.
Similar to the first flaw, authentication was unnecessary for exploiting this vulnerability. The specific flaw was traced to the TokenUtils class and its hard-coded cryptographic key. Piotr Bazydlo, from Trend Micro Zero Day Initiative, discovered this vulnerability.
D-Link promptly addressed these critical vulnerabilities, prioritizing the security of its customers’ network management infrastructure. By rectifying these flaws, D-Link has reinforced the integrity and reliability of its D-View 8 network management suite.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.