Risk | High |
Patch available | NO |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2018-6213 CVE-2018-6212 CVE-2018-6211 CVE-2018-6210 |
CWE-ID | CWE-798 CWE-79 CWE-78 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
DIR-620 Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | D-Link |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU13007
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-6213
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exist due use of hardcoded default credentials for web dashboard. A remote attacker can use a backdoor account to gain privileged access to the firmware, extract sensitive data, e.g., configuration files with plain-text passwords, run arbitrary JavaScript code in the user environment and run arbitrary commands in the router’s operating system (OS).
Successful exploitation of the vulnerability may result in system compromise.
To mitigate the issues Kaspersky recommends:
DIR-620: 1.0.37
External linkshttp://securelist.com/backdoors-in-d-links-backyard/85530/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13008
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-6212
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform reflected cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationTo mitigate the issues Kaspersky recommends:
DIR-620: 1.3.3
External linkshttp://securelist.com/backdoors-in-d-links-backyard/85530/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13009
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-6211
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute shell commands on the target system.
The weakness exists due to incorrect processing of the user’s input data in the certain parameter. A remote attacker can inject and execute arbitrary shell commands with root privileges.
To mitigate the issues Kaspersky recommends:
DIR-620: 1.0.3
External linkshttp://securelist.com/backdoors-in-d-links-backyard/85530/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13010
Risk: Low
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-6210
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to extract Telnet credentials.
The vulnerability exists due to use of hard-coded credentials. A remote attacker can extract Telnet credentials, use the default credentials for Telnet and get administrative access to a router (the fragment of “etc/passwd”).
MitigationTo mitigate the issues Kaspersky recommends:
DIR-620: 1.0.3 - 1.4.0
External linkshttp://securelist.com/backdoors-in-d-links-backyard/85530/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.